Information Security

The protection of ideas and technologies becomes an integral part of modern business.

We will become your partners in solving these issues.

We provide the following information protection services in modern information and telecommunication systems

  • Construction of integrated systems for the protection of information and telecommunication systems (automated systems, computer networks, web pages, protected web sites);
  • Conducting complex audit of information security of information and telecommunication systems;
  • Certification of software and hardware in the field of technical information security

Construction of integrated information security systems

The integrated information security system is a set of organizational and engineering – technical measures aimed at ensuring the protection of information circulating in information and telecommunication systems (ITS) from disclosure, leakage and unauthorized access.

The integrated information security system must be created to protect the following types of information:

  • open information relating to state information resources, as well as open information on the activities of the authorities, military formations, published on the Internet, other global information networks and systems or transmitted by telecommunication networks;
  • confidential information held by the subjects of power authorities;
  • business information;
  • Information the requirements for protection of which are established by law.

Services in the field of creation of integrated information security systems (IISS(KSZI) in ITS of all classes – information security:

  • one machine user complexes (class 1);
  • localized multi-machine multiplayer complexes (class 2);
  • distributed multi-machine multiplayer complexes (class 3).
  • the services cover all steps for the creation of a IISS (KSZI) under existing regulatory documents in the field of technical protection of information and include:
  • the preparation of organizational and administrative documentation;
  • inspection of the environment of the operation of the ITS and the preparation of the act on the results of the survey;
  • development of a technical task for the creation of a IISS (KSZI) in accordance with the current normative documents in the field of technical protection of information;
  • development of a set of technical, operational, operational, project documentation on the (IISS(KSZI) in accordance with the current normative documents in the field of technical protection of information;
  • bringing information technology infrastructure to the ITS in accordance with the developed set of documentation;
  • implementation of IISS (KSZI);
  • carrying out of preliminary tests and experimental exploitation of the IISS (KSZI);
  • organizing a state examination of the IISS (KSZI) and obtaining an appropriate certificate of conformity;
  • support and maintenance of the IISS (KSZI).

The result of the services is:

  • a technical task for the creation of a IISS (KSZI), agreed with the controlling authority (State Service for Special Communications and Information Protection of Ukraine);
  • a set of technical, operational, operational, design documentation for the IISS(KSZI);
  • a certificate of conformity of the established sample, which testifies to the compliance of the established IISS (KSZI) with the requirements of normative documents of the system of technical protection of information of Ukraine.

Comprehensive audit of information security

Information security audit is a systematic process of obtaining objective qualitative and quantitative assessments of the current state of the corporate ITS in accordance with the criteria of information security.

In order to assess the real security of resources (information security) of ITS and its ability to withstand external and internal security threats, it is necessary to conduct an audit of information security on a regular basis.

The purpose of the information security audit is to assess the security of the ITS and to develop recommendations for the application of a set of organizational measures and software tools aimed at ensuring the protection of information and other IT resources from threats to information security.

Services for conducting a comprehensive audit of information security, which include:

  • coordination of the procedure for the execution of works;
  • the study of technical, operational, organizational – regulatory, accompanying and other documentation related to the operation of the ITS and regulates the protection of information, it circulates;
  • inventory of information systems, formalization of business processes;
  • analysis of supply systems (control and access control systems, fire, security, power supply, life support, etc.);
  • the study of ITS elements, the construction of switching cards, addressing and routing schemes; analysis of information security in ITS, the operation of ITS and the interaction of its elements;
  • questioning (survey) of employees in order to check the knowledge of official and functional responsibilities, determine their level of competence in the use of specialized software;
  • Identification of deficiencies in technological and organizational – legal provision; network perimeter scanning: penetration test (audit of information security of the external and internal components of ITS in relation to Internet threats and threats related to insider activities inside the organization) in accordance with international regulatory documents on information security issues;
  • preparation of recommendations and presentation of the results.

The result of the services is a report that contains a list of detected vulnerabilities in the ITS, as well as threats that may lead to a breach of the standard operating conditions of ITS, the inefficient use of its resources, violation of the confidentiality, integrity and availability of information circulating in the ITS, as well as recommendations for elimination detected vulnerabilities and providing fault-tolerant operation of ITS.

If necessary, consultant-methodical and practical help on the issues of safe computer networks construction, configuration of server and active network equipment, security devices, user computers, as well as threat model design, information security plan in ITS, information security policy and others organizational and methodical documentation.

Certification of software and hardware in the field of technical protection of information

The result of the work is the confirmation of the conformity of the software product or hardware to the requirements of the normative documents of the system of technical protection of Ukraine, and as a consequence, the receipt of expert opinion.

Behind the many years of experience in conducting such works. Satisfied customers and positive feedback. We work with software and hardware developers, both directly and through intermediaries or official agencies.

Our customers