The term 'information security' is conventionally defined quite simply: it is the state in which the confidentiality, availability, and integrity of information are ensured. Achieving it in practice, however, requires solving a large number of problems in very diverse fields, from administrative and regulatory to technical and operational.
From the point of view of a systems integrator, the following major areas require the development and implementation of information protection solutions within a company or organization:
- Protection of trade secrets
- Protection of personal data
- Assurance of process safety in automated process control systems (APCS)
The infrastructure components to be protected are the following:
- Corporate information systems including both hardware and software components;
- Corporate and operator network infrastructures;
- Information resources of operator networks and providers of public information services;
- User workstations, including mobile devices.
Information protection measures and solutions for these technology areas, in conjunction with statutory and regulatory activities, ultimately ensure the continuity of a company's or organization's activity and business.
Our company, a leading systems integrator in the IS field, specializes in the development, implementation, and follow-up support of integrated complexes that protect information systems of different scales, including highly complex systems.
The information security services offered by the company include:
- Audit of the customer's hardware and software information systems;
- Inspection of information systems for resistance to external intrusion, and investigation of IS incidents;
- Assistance in development of corporate regulatory and organizational support;
- Consulting on technical and organizational IS issues;
- Design, implementation, and operational support of IS systems;
- Assistance in development of corporate and industry regulatory documents for the IS;
- Preparatory work for certification of automated systems by security classes according to the classification system established by the Federal Service for Technical and Export Control of Russia;
- Services of an outsourced center for monitoring of and response to IS incidents.
The company offers its customers unique, certified, domestically developed security tools for protecting information systems, in particular solutions implementing one-way (at the physical level) data transmission between parts of an information system with different protection levels.
When implementing IS-related projects, our experts rely on important business criteria such as investment security and the speed and cost-effectiveness of solution implementation, covering both the cost of the upgrade itself and subsequent operating costs.
The design and support of IS systems draw on a contemporary method in which IS is assured through a continuous "Planning-Implementation-Analysis-Modernization" cycle.
The planning stage defines the quality assessment targets and criteria that must be achieved when implementing information protection. It also covers development of the management processes needed to meet those criteria, scheduling of work milestones, and allocation and distribution of the required infrastructure and staff resources.
The implementation stage puts into practice the regulatory, structural, organizational, and technical measures for protecting information and the associated infrastructure, and elaborates the relevant control processes.
During operation of the protected information systems, information is collected and analyzed to check that the results meet the specified quality parameters, and deviations are identified and analyzed to establish their causes.
The modernization stage develops actions to remedy the causes that prevent the planned quality criteria from being achieved. This results in updated initial plans and design solutions, as well as the allocation of resources to be spent on protecting IT system information.
IS-related activities are carried out in full compliance with Russian regulatory documents on information protection, national law, and national and international standards, including the requirements of the Russian Central Bank, ISO/IEC 27001, ISO/IEC 17799, PCI DSS, BS25999, etc.