IT Security Management

IT security services of Infopulse Ukraine are implemented on all levels of IT management and are integrated into the unified services of IT-infrastructure management.

Key Services:

  • “Security Expert” Service
  • Penetration Test
  • IT Security Audit
  • Information Risk Management Consulting Service
  • Business Continuity Planning Consulting Service
  • Cyber Patrol Servic
  • “IT Security” Service Package

Our Competences and Standards:

  • ISO/IEC 9001, 14001, 20000, 27001, SOX experts;
  • Penetration tests;
  • Risk management;
  • Business continuity management;
  • Processes implementation based on ITIL, COBIT model-driven architectures;
  • Microsoft, IBM, HP, Cisco, CheckPoint, Trend Micro, Computer Associates security solutions in the following spheres:
  1. identity & access management,
  2. internet,
  3. monitoring,
  4. logs consolidations;
  • Network security
  • Windows and Unix security;
  • Web application security;
  • Information security;
  • Wireless security;
  • IT-infrastructure security;
  • Project management. 

“Security Expert” Service

Description:
  • Assignment of a qualified employee for the performance of IT-security tasks for a certain period of time. If it is necessary this employee should be quickly substituted by another person from the candidate pool.
Goals:
  • Quickly get qualified experienced security specialist for internal security roles for the agreed period of time.
Features:
  • An expert working full time or part time, that can be quickly substituted if necessary;
  • A possibility to decline employee’s services if the company no longer needs them.

Penetration Test

Description:

  • Many security standards require penetration testing, since the latter has proved to be the most reliable indicator of an information security system’s efficiency. Infopulse’s pentest service perfectly imitates the threats of cyber-crimes and allows security specialists of customer to be engaged into real war games. By offering most complex penetration testing Infopulse helps customer’s business achieve the maximum level of resistance against cyber-threats. Infopulse’s penetration team is comprised in compliance with customer’s peculiarities, and the team’s activity is aimed at reaching specific relevant goals like industrial espionage, unauthorized payments, etc.
Objectives:
  • Detecting the risks of the customer’s services accessible through network being misused
  • Enhance defense against specialized professional web-hacking attacks
  • Reduction of customer’s risks, which may negatively affect customer’s business
Activities:
  • Infrastructure vulnerability assessment
  • Web application assessment
  • Customer’s security, social engineering testing
  • Business logic analysis, defense against insiders
  • Stabilizing integrity and confidentiality defense mechanisms for financial data exchange
  • Physical threat analysis
  • Combined sessions of attack and defense flow analysis
  • Complex mitigation plan development
Features:
  • The service can be focused on particular domains of customer’s application security
  • Acceptable attack methods with regard to the business infrastructure and staff are defined
  • The results of the service facilitate achieving an economically effective risk management
  • Collaborative sessions make it possible to exchange experience between Infopulse and customer and point out the most problematic areas in security controls.

IT Security Audit

Description:
  • Independent estimation of the current state of IT-infrastructure, which determines the level of its conformance to the certain standard or criteria.
Objectives:
  • Complex audit of the data security system;
  • Audit of IT-security of network separate units (servers, data communication network, systems of data storage, etc.) which are crucial for the work of the company;
  • Independent estimation of the current state of information security system;
  • Identification and estimation of risks, mitigation of security vulnerabilities;
  • Cost-benefit grounding of security mechanisms to be implemented;
  • Providing conformance to the requirements of local legislation and international standards;
  • Minimization of damage caused by security incidents.
Activities:
  • Goal setting and implementation plan development;
  • Retrieval, arrangement and analysis of data necessary for work performance;
  • Conduct of an audit;
  • Preparation of the analysis report, which includes:
  1. Simulation of security breach processes,
  2. Estimation of security breach risks,
  3. Vulnerability analysis and risk estimation,
  4. Developing the organizational measures of IT-security,
  5. Developing the proposal on the development of IT-security technical measures,
  6. Developing recommendations for improvement of the IT-infrastructure,
  7. Staff training.

Information Risk Management Consulting Service

Description:
  • Development and implementation of risk management process. Assessment and improvement of risk management framework and capabilities.
Objective:
  • Build and/or enhance risk management program
  • Optimization of the cost of information security
  • Achieve balance between company capabilities and risks
Activities:
  • Development and implementation of Risk Management Process
  • Business Impact Analysis for identification of all important customer processes and facilities
  • Risk Assessment of all important customer processes and facilities
  • Development of Risk Treatment Plan
  • Consulting on implementation of Risk Treatment Plan
  • Risk Management Process Monitoring and Reporting
Features:
  • Gives better understanding of critical risk exposures
  • Gives a certainty in how best to achieve an acceptable level of information security
  • Integrates security functions into all aspects of information processing in the organization
  • Infopulse Security Management Framework can be used to support service activities. 

Business Continuity Planning Consulting Service

Description:
  • Nowadays to stay healthy, happy, and profitable each organization might consider a business continuity planning as a core part of everyday business activities. Protection of mission-critical resources will drastically decrease possible negative consequences and effective business continuity planning can be the difference between a company surviving a negative event and a company ceasing to exist. Infopulse helps design realistic, cost-effective business continuity plans, which clearly state the mission-critical resources, relevant risks and impacts of disaster events, outline a detailed mitigation for each potential harmful event, define understandable recovery objectives and corresponding recovery strategies, provide ongoing measurements of performance and value.
Objectives:
  • Improve understanding of business and technical processes by company employees
  • Cut recovery times and minimize revenue impact
  • Meet regulatory requirements for business continuity
  • Align the costs of planning with the actual risks company faces
  • Identify and eliminate single points of failure in company infrastructure and business processes
  • Identify potential cost reductions by improving or creating operating efficiencies
  • Ensuring a business function’s viability during and following a major incidents
  • Maintain employee productivity across all company operations
  • Safeguard company brand equity and shareholder value
Activities:
  • Understanding organization
  • Business impact analysis
  • Risk assessment
  • Business continuity strategies development
  • Emergency response and operations development
  • Business continuity plan development and implementation
  • Business continuity awareness and training
  • Business continuity plans exercises
  • Crisis communication plan development
Features:
  • Valuable improvement of mission-critical business processes as a direct result of business continuity planning efforts
  • Infopulse Security Management Framework can be used to support service activities.

Cyber Patrol Service

Description:
  • 24/7/365 monitoring of borderline equipment and DMZ-systems.
Objective:
  • Providing urgent responses to network attacks and attempts to violate access rights restrictions.
Activities:
  • IT-infrastructure assessment;
  • Suggestions on reengineering;
  • Implementation of technical security controls;
  • Coordination of escalation and reporting procedures;
  • Service implementation.
Features:
  • Notification of responsible persons;
  • Evaluation of risks;
  • False alarms identification;
  • Implementation of immediate security safeguards;
  • Tracking and coordination of attack mitigations;
  • Quality check of conducted contingency plans;
  • Performance of post-incident-analysis.

IT Security Service Package

Description:
  • Service package which is required for a customer according to security requirements.
Service Modules:
  • Implementation of IT-security management system;
  • Implementation of administrative and technical controls
Objective:
  • Development and implementation of the IT-security management system, which should meet security requirements of the company.
Features:
  • Maintenance of data integrity and prevention of data leak;
  • Providing ongoing conformance to the security standards.