ACTIVE SECURITY MANAGEMENT
It is a striking fact that most organizations do not address the issue of security until they first encounter serious problems or face a need for compliance with legislative requirements and industry standards.
Until that moment, the security risks associated with the operation of information systems are mostly overlooked with a "nothing can happen to us" approach. The opposite is true, and the subsequent remedy may cost several times more than implementing a systemic approach to security management at the very beginning.
The traditional concept of security solutions for most organizations consists in the acquisition of specific technologies whose mode of operation is usually isolated, not interconnected, and often not effective, since specific security risks were not known during their acquisition and operation.
Building and ensuring an adequate level of security requires a comprehensive approach by the organization. In particular, detailed knowledge of the vulnerabilities of existing information systems allows you to put effective and efficient safeguards in place.
If information security is a key parameter in your organization, the specialists and consultants at TOTAL SERVICE are ready to help you in the following areas:
- We analyze the risks associated with the operation or changing of the IT environment and recommend how to reduce risk factors
- We help set up and implement information security management systems according to international standards and for compliance with the requirements of the Act on cyber security No. 181/2014 Coll.
- We create security policies and procedures and train your staff on them
- Act on Cyber Security no. 181/2014 Coll.
- GDPR - replacement for Act No. 101/2000 Coll. on personal data protection
- We will create security policies and procedures for you and train your employees on them
- We perform the evaluation and design of security architecture
- We audit the security of your IT environment
- We prepare and review your emergency plans, set procedures for dealing with emergencies and help you plan your business continuity
- We prepare you for obtaining certificates ISO 27000, ISO 20000
- For companies operating in the field of payment cards we design techniques to achieve compliance with PCI DSS
- We help build and maintain long-term security awareness among your employees
AUDIT, RISK ANALYSIS AND REMEDY
Do you want to identify weak points of your information system, or are you going to change it? An information system audit will provide you with comprehensive information on its status in terms of functions, data, security, etc. Our professionals know both the offerings and features of information technologies on the market and the needs of organizations. We use recognized and proven methods of information system analysis.
The proper use of information technology in an organization is such a complex topic that it requires experienced professionals who will help avoid unnecessary mistakes. Audits focus on your current hardware, software and applications. We can also suggest a target system architecture.
As the first step we recommend performing a comparative analysis, whose output will be reported in a document:
- Revealing the most problematic areas of information security in terms of compliance with standards and legislation
- Specifying the main tasks and steps that need to be carried out at the level of organizational and technical measures
- Determining key business processes, which will be targeted in a formal risk analysis (definition of risk analysis), which is an essential part of any security project
The results of this comparative analysis will serve to correctly target other activities aimed at building and developing information security in your organization.
Comparative analysis provides:
- Plan of targeted steps for further development of information security with regard to risks and the requirements of the Cyber Act
- Overview of future costs for security and the priorities of individual measures
The implementation of an information security management system (ISMS) according to ISO 27001 is the logical result of the previous steps. The goal can be not only certification according to this system, but especially information security management so as to minimize the risk of the loss of reputation in case of the leakage of information or intellectual property.
The objective of risk analysis is to define, describe and quantify risks for particular processed and transmitted information, the information system and the corporate environment. On the basis of risk analysis and the conclusions of the assessment of operating practices, measures for reducing the risks below an acceptable level will be proposed to ensure the security of key information assets.
The methodology we apply in risk analysis is based on the requirements of the Act on cyber security No. 181/2014 Coll. and related decrees. Inputs for the analysis are gathered in interviews with the persons responsible for the area being reviewed. The information assets that are used by the customer and should be protected must be identified at the very beginning of a risk analysis.
Performing a risk analysis enables a more competent and responsible proposal of remedies that effectively eliminate the risks associated with the customer's information system.
IS penetration tests are standard processes, which should be periodically performed in every organization that stores its assets in information systems. The goal of penetration testing is to determine the extent to which a particular information system is resistant to attack, where its weaknesses are and how to best repair them.
When checking the settings of individual systems, the knowledge and experience of security and system specialists are applied. In tests and audits we use reputable commercial toolkits and frameworks, free tools, and our own toolkits, which we develop to address the actual needs of penetration testers.
The output of the penetration testing is a detailed report identifying the vulnerabilities and risks with an estimate of the extent of their impact. For each identified risk we give our recommendation for treating it or reducing its impact to the lowest possible level.
In the area of penetration tests we primarily offer:
- External and internal penetration testing of the corporate IT (with zero or partial knowledge of the environment)
- DMZ tests
- Testing users by social engineering methods.
In the area of security audits we offer:
- Analysis of the configuration of IDS/IPS systems
- Analysis of the configuration of firewalls, active network components, server OS (Unix, Windows, Linux)
- Analysis of emergency plans and reverse system recovery
- Analysis of the safety and reliability of proprietary systems and applications
- Analyses of the configuration of database servers (especially Oracle, MySQL, MSSQL, DB2)
- Other specialized tests according to the client's individual requirements.
The main benefits of penetration tests and security audits include:
- Improvement of IT security and thus overall reputation with a company’s customers and business partners.
- Prevention of the potential abuse of system resources from outside and inside (the spreading of warez, the illegal SW installation, unwanted interventions in system settings, etc.).
- Reduction of costs of restoring an infected system.
SIEM – SECURITY INFORMATION AND EVENT MANAGEMENT
TOTAL SERVICE offers its customers the SIEM solution by IBM known as QRADAR. The solution has been ranked at the top of the leaders quadrant in the Gartner report 2016 Magic Quadrant for Security Information and Event Management.
IBM Security QRadar SIEM
IBM Security QRadar SIEM consolidates the log data of source events from thousands of endpoint devices and applications deployed across the network. It ensures immediate normalization and correlation of activities based on raw data to distinguish between real threats and threats that have been wrongly identified. The software also optionally includes the IBM Security X-Force Threat Intelligence tool, which supplements the list of potentially harmful IP addresses, including malware host systems, spam sources and other threats. IBM Security QRadar SIEM can also correlate security system vulnerabilities with event data and network data, helping to prioritize security incidents.
Why TOTAL SERVICE is a reasonable partner for SIEM solutions:
- Experienced technical and analytical team available 24/7/365
- Existing contractual customers can be given a service catalog extended by SIEM solutions at the best price on the market
- Focus on comprehensive security management, not only on the perimeter or infrastructure
- Security management system is designed with respect to business benefits for customers and legal requirements
- SIEM understood as a basic support system for implementing ISMS (Information Security Management System)
- Expertise on large projects for major customers.
We offer solutions in two business models:
- Delivery of products and licenses, deployment and training included
- Service, i.e. for a fixed monthly fee, including guaranteed SLA, and the option of proactive nonstop 24/7/365 surveillance, incident treatment included.
- IBM Certified Associate - Security QRadar V7.0 MR4
- IBM Security Systems Sales Professional v3
- IBM Certified Deployment Professional - Security QRadar SIEM V7.1
- Personal security clearances and BIS certifications
- Consultants with TOGAF, ITIL and Prince 2 project management certificates
- SIEM by QRADAR in full compliance with Cyber Security Act
- Act No. 181/2014 Coll., on Cyber Security, identifies significant IT systems and their criteria for identifying critical infrastructure elements. A series of new measures is required:
- § 11 - Access control and secure user behavior
- § 21 - Tool for recording activities of critical information infrastructures and major information systems, their users and administrators
- § 22 - A tool for the detection of cyber security incidents
- § 23 - Tool for collecting and evaluating cyber security incidents
SIEM systems primarily perform:
- Collecting logs and correlating events
- Generating alerts
- Reporting analyses of events / incidents
- Investigating incidents
Benefits of SIEM systems
- Real security management across the company, increase of IT operation efficiency
- Traditionally, the most important reason is to reduce the number of security incidents to a manageable level and to separate real incidents from incidents that only appear so (false positives).
- An important feature of SIEM deployment is the above-mentioned increased efficiency of IT operation, which manifests in the ability to quickly analyze operational problems with unplanned outages and in more accurate planning of capacity development and the performance of ICT resources.