IT security consulting services

IT security is a kind of balance: on one side are the legal and business requirements, the value of data assets and reputation; on the other, complying with the regulations and the cost of IT security systems. The cost of IT security solutions must be in line with the value of the protected information. This is why it is very important to design, operate, monitor and control the IT security infrastructure.

Our IT security services have the following main elements, and we provide them tailored specifically to our customers' needs.

We analyse how the company's operation meets international standards, recommendations, laws and internal company policies. In addition, we verify the practical implementation of the information policies, with special focus on security (data security and access rights) and irregular situations.

It is in the strong interest of every corporation to take care of its data security, the continuous operation of its information technology systems and the handling of IT emergencies. The purpose of the business continuity plan is for companies to reduce operational risks to a minimum and to limit eventual unforeseeable damage, for reasons of competition and compliance with the law.

We analyse the requirements set in the SLAs and verify the quality of the information technology services (backups, archiving, performance and availability), with a strong focus on the contracts with external partners and vendors.

During information technology risk analysis and management, we focus on measuring and reducing the company's operational risks. We determine how vulnerable the systems are to different types of attacks, taking into consideration the protective measures currently in place.

The purpose of the network vulnerability assessment is to identify all the IP-based hosts on the internal DMZ network (computers, active assets, etc.) and, after categorizing them by criticality, to determine their protection against known vulnerabilities. We can run the vulnerability tests with different kinds of software, based on compliance requirements, for example: ISO 17799, 27002, PCI-DSS, etc.

After the vulnerability assessment is complete, we report the results in detail per host, together with solution proposals specific to the findings. This detailed report is useful for IT professionals engaged in operations, because ready-to-use solution proposals let them minimize the business risk to the security of their systems in a short time. We also prepare a summary of the vulnerabilities found for management, and we propose how to rectify them.

Ethical hacking is a security verification process for a company's IT system that focuses on critical security gaps, thereby reducing malicious attacks. During this vulnerability test, we get a clear view of the actual state of the system.

This area has become extremely important from an information security point of view with the appearance of the Bring Your Own Device (BYOD) concept, where the company network contains a mixture of private and company mobile equipment.
The essence of the consultancy is to develop an enterprise mobility strategy by assessing the client's current mobile device concept and the client's future mobility concept, a strategy that supports both the mobile access necessary for work and the information security aspects.

Information security awareness is a key aspect for the company's employees and suppliers from the information security point of view. No modern data leak prevention device or IT risk management mechanism is enough if employees do not understand and do not take into account the company's information security protection aspects.

We undertake information security training and the preparation of educational materials developed for the company's target groups, and we have an information security awareness software solution that educates employees using simulation techniques.

We perform information security audits and audit preparation with the support of our colleagues, for example:

  • Preparation and audit for information security management system certification (according to ISO 27001)
  • Usage audit
  • Preparation for PCI DSS audit
  • Software and license audit
  • Business continuity audit
  • IT management audit

Comsec Group

Our company represents the Israeli information security company Global COMSEC (https://comsecglobal.com/), which provides “advanced” services in addition to the above-mentioned basic information security services. For example:

DDoS (Distributed Denial of Service) standby

There are more and more DDoS attacks around the world, which paralyze the operation of organizations and cause significant losses. Our solution includes the following: discovering the organization's weaknesses, planning attack methods, and launching a targeted and controlled series of attacks from officially owned IP addresses (botnet). With this method, we can prepare our clients’ organizations for DDoS attacks and support them in their protection.

PCI DSS service

The Payment Card Industry (PCI) has developed the PCI Data Security Standards (DSS) in order to create unified technical security standards for major credit card systems. We fully undertake PCI DSS provision, including goal setting, reporting, remediation, security testing and certification issuance. Because Global COMSEC can also issue qualified security certification (Qualified Security Assessor, QSA), our company's service stands out positively from the majority of similar services.

In addition to the services listed above, our portfolio also includes other services, such as Cyber Intelligence Hub (CIH), Incident Simulation (Comsimulator) and ERP security solutions, which we explain in detail on customer request.