The information security system is effective only when it is complex, i.e. when sufficient attention is paid to its two components: organizational, methodological and technical. We start with a comprehensive audit of information security, carry out an independent assessment of the information security system in relation to both the technical side and the organizational methodological. As a result of a comprehensive analysis, we form a matrix of information security risks, validate it with managers and supervisors from the Client and the first of the processes implement the risk management process. In the future, we implement those information security processes that cover the most critical risks of is, relevant to the Client at the moment
We offer a specialized service that includes audit of the current state of business processes, identification of single points of failure in operational processes and it infrastructure, assessment of failure risks, improvement of protection of key information systems of the Client from failures in single points of failure by implementing our proposed measures to eliminate these points and by introducing compensating controls, formation of business continuity strategy, development and testing of recovery plans after accidents. Implemented processes close the actual critical risks availability.
Secure cloud for sensitive data
IaaS infrastructure is a comprehensive solution that enables use a highly configurable set of it infrastructure elements (on-demand resources-servers, data stores, network devices, software), with access to them via the Internet, that is, without tight binding of your location to the point of service.Our the service ensures the secrecy of the location and name of the data center with critical it systems from the system administrator by hiding real IP addresses (VPN service proxy to hide technical data about data center.)Data security and business continuity-our priorities. We provide firewall protection, DDOS protection, monitoring the status of systems and security logs, control of operation workers'. Service availability of 99.95 per cent. Support 24x7.
Security analysis and penetration testing
We offer a comprehensive independent survey of applications, automated systems and the Customer's network, which allows us to assess the current state of security of information technology infrastructure and plan further steps to improve the efficiency of the used forces and means to ensure is. Our service includes: penetration testing of network infrastructure, wireless networks, production technology networks and devices, security analysis of web applications, mobile applications, social engineering, load testing, industry targeted testing (Telecom, banks and insurance, crypto-exchanges and classic exchanges, investment companies, Commerce, retail, media, medicine, manufacturing, fuel and energy complex organizations and the public sector.
Compliance with legal requirements
A necessary component of information security is to meet the requirements of regulators and industry standards in accordance with the needs of the business and within the legal field. We offer services in compliance with international standards, current legislation and regulatory framework in the field of information security, including protection of information systems of personal data, critical information infrastructure, systems of financial and insurance organizations, automated process control systems. We propose a classical approach of alignment, consisting of three stages: 1) GAP-analysis and formation of Action Plan, 2) implementation of Action Plan, 3) evaluation of the effectiveness of implemented measures.In our area of competencies includes the following normative-legal acts and standards: FZ-152 FSTEC Order No. 17, the Order FSTEK № 21, FZ-187, the Order FSTEK № 239, FL-161, № 382-P, №552-R, GOST R 57580.1-2017, STO BR IBBS, ISO/IEC 27001, ISO/IEC 22301, PCI DSS.
Secure remote access
Представляем нашу перспективную услугу предоставления удаленного доступа к любым корпоративным ресурсам и приложениям. Мы предлагаем безагентскую облачную технологию, позволяющую предоставить point-to-point доступ вместо стандартного VPN, обеспечить политику Bring Your Own Device, осуществлять управление внешними сервис-провайдерами. Наша услуга обеспечивает быстрое предоставление, изменение и отзыв полномочий доступа к ресурсам компании, управление ключами доступа через централизованное защищенное хранилище, контроль и запись удаленных сессий, расширенный аудит всех действий удаленных пользователей и администраторов.