The protection of ideas and technologies becomes an integral part of modern business.
We will become your partners in solving these issues.
We provide following Information security services in up-to-date information&telecommunication systems:
- Development of integrated systems to ensure protection of information&telecommunication systems (automated systems, computer networks, Web-pages, secure web-hubs);
- Carrying out of the comprehensive audit of information security in information&telecommunication systems
- Certification of hardware and software in the field of technical protection of information
Development of integrated information security systems.
The integrated information security system (IISS) is a set of organizational and engineering&technical activities aimed at protection of information circulating in information&telecommunication systems (ITS) against its disclosure, leakage and unauthorized access to.
Development of the integrated information security systems is a mandatory requirement for protecting of the following types of information:
- Open data related to governmental information resources, as well as open data regarding activities of governmental authorities, military formations that are published on the Internet, other global information networks and systems or are transmitted through telecommunication networks;
- Confidential information owned by the governmental authorities;
- Information for official use only
- Information that shall be protected in accordance with requirements established in the law
Services in the field of integrated information security systems development for information&telecommunication systems of any class – information security:
- Single machine single user computer appliances (Class 1);
- Localized multi-machine multi-user computer appliances (Class 2);
- Distributed multi-machine multi-user computer appliances (Class 3).
- The services cover all phases of IISS development in accordance with current regulatory and legal documents in the field of technical protection of information and include:
- preparation of organizational and administrative documentation;
- survey of the operation environment for the IISS and the preparation of the survey certificate based on the results of the survey;
- development of the terms of reference for the IISS development in accordance with the current regulatory and legal documents in the field of technical protection of information;
- development of a package of technical, operational, and design documents for the IISS in accordance with the current regulatory and legal documents in the field of technical protection of information;
- bringing the IISS information infrastructure into compliance with the developed package of documents;
- implementation of the IISS;
- carrying out preliminary tests and trial operation of the IISS;
- organization of the IISS state expert examination and obtaining of the appropriate certificate of conformity;
- IISS support and maintenance.
The result of the services is as follows:
- The terms of reference for the IISS development is agreed with the supervisory authority (the State Service for Special Communications and Information Security of Ukraine);
- The package of technical, operational, and design documents for the IISS in accordance with the current regulatory and legal documents in the field of technical protection of information
- The certificate of conformity of the established sample that the developed IISS complies with the requirements of regulatory and legal acts documents for the systems of technical protection of information in Ukraine.
Comprehensive audit of information security
The information security audit is a systematic process of getting unbiased qualitative and quantitative assessments of the current status of the corporate ITS in accordance with the criteria of information security.
In order to assess the real situation with degree of protection and security of resources (information security) of the ITS and its ability to withstand external and internal security threats, it is necessary to carry out the audit of information security on a regular basis.
The purpose of the information security audit is to assess the ITS security and develop recommendations for the application of a organizational activity package and hardware&software tools to ensure protection of information and other IT resources from threats related with the information security.
Services for carrying out the comprehensive audit of information security include:
- getting agreed the order of works performance;
- studying technical, operational, organizational, regulatory, supporting and other documents related to the ITS operation and regulating information security circulating therein;
- inventory of information systems, formalization of business processes;
- analysis of supporting systems (management and access control systems, fire, security, power supply, life support, etc.);
- studying the ITS elements, drawing up connection maps, addressing and routing outlines;
- analysis of information security within the ITS, the procedure of the ITS operation and interaction between its elements;
- carrying out surveys (questionnaires) of employees in order to check the knowledge of official and functional responsibilities, determine the level of their competency in using of specialized software;
- Identification of flaws in technological and organizational and legal support;
- scanning the network perimeter: carrying out penetration test (audit of information security of the external and internal components of the ITS in relation to Internet threats and threats related to insider activities within the organization) in accordance with international regulatory and legal documents for information security;
- preparation of recommendations and presentation of results.
The result of the services is a report that contains a list of detected vulnerabilities in the ITS, as well as the threats that may lead to a breach of the standard operating conditions ofthe ITS, inefficient use of its resources, violation of the confidentiality, integrity and availability of information circulating within the ITS, as well as recommendations for elimination of the detected vulnerabilities and ensuring fault-tolerant operation of the ITS.
If necessary, it may be provided consulting and-methodical and practical assistance for building up safe computer networks, configurating server and active network equipment, security devices, user computers, as well as threat model design, information security plan for the ITS, information security policy and other organizational and methodical documents.
Certification of software and hardware in the field of technical protection of information
The result of the work shall be confirmation of compliance for the software or hardware product with requirements provided in regulatory and legal documents of the system of technical protection in Ukraine, and as a consequence – getting the favorable expert opinion.
We have many years of experience in carrying out this type of works, satisfied customers and favorable feedback. We cooperate with software and hardware developers, both immediately and through intermediaries or official representatives.