Information Security Services
Since information is competitive advantage, its protection is of maximum importance for your organization. You cannot afford to have it read, used, disclosed or modified by an outsider. You need to be sure you can count on the information you own and that the access to that information is set based on business needs.. In this scenario, Information Security Services play the role of the Cerberus, focusing on security controls related to your computing systems, those that influence the proper function and effectiveness.
We provide tools and implementation services for:
- Data governance – identify and manage security risks related to data that needs to be protected, including market data, trade secrets, intellectual property and personal information.
- IS Business modeling
- incident management including guidance and advice to respond effectively and quickly in the event of a security breach, and ensuring the situation is contained;
- identifying segregation of duties requirements and Role-based access models;
- information security awareness and training, with a customized risk based security awareness program that uses various means to involve and challenge your employees to be active part in the overall security environment, to be educate with the information needed to help protect organization information resources;
- security framework implementation for an industry-accredited information security management system that will enable your organization to establish a control structure that will help to keep data safe;
- information security risk management and “Information Security by Design” implementation;
- create effective, value adding security strategy and roadmap aligned with corporate goals;
- Identity and access management implementation services and user provisioning & lifecycle management services to automate user provisioning and application access based on each user’s relationship and role within organization, and ensuring appropriate access for individuals;
- Perimeter protection/ network security, including managed services for firewalls, Anti-virus, anti-malware content and spam filtering, intrusion detection/ prevention systems (IDSs/IPSs), and virtual private networks (VPNs);
- Vulnerability scanning and assessment, penetration testing and remediation services to identify and quantify technical vulnerabilities, establishing key areas of concern and making recommendations about how to best address them;
- Data Loss Prevention designed to assess content and determine if specific forms of communication moving out and storage within the organization are potentially damaging, violating policy, or may be the result of malicious actions.
Tools and technologies:
- Identity and Access Management: IBM and Oracle
- Data Loss Prevention: Symantec
- Data governance: Varonis, Symantec
- Vulnerability management: Nessus
- IDS / IPS: CISCO