Our life and business changes dramatically as technologies integrate to all spheres. Computers, smartphones, networks, servers and clouds services contain vast amount of sensitive and valuable information, which represents the attractive target for cyber-criminals. To protect the confidentiality of your information, guarantee continuity of your business and secure your trade secrets, a structured and efficient cyber-security infrastructure is required.
In CSI Group, we understand the importance of real-life cyber security, and focus on development effective measures to protect our clients from actual cyber-risks.
Cyber security audit
CSI Group team of cyber-security professionals assess the level of security of the organization analyzing:
- Policies and procedures related to cyber security;
- Practices of securing IT assets and information;
- IT-infrastructure topology;
- Configuration of network devices, servers and other equipment;
- Configuration of cyber security tools;
- Vulnerabilities of endpoints, servers and network devices;
- Vulnerabilities of network perimeter and web-applications;
- Incident response and recovery strategies.
Detailed recommendations prepared after the audit are focused on effective mitigation of cyber-security risks and closing the gap between the current and desired status of corporate security.
CSI: CyberSec Checkup
We have developed an approach to deliver a fast assessment of organization’s cyber-security posture, and development of easy to implement recommendations for improvement.
CSI: CyberSec Checkup is a complex review of your IT and cyber security infrastructure for a competitive budget and within a short period of time.
CSI: CyberSec Checkup includes:
- Cyber-security assessment in accordance with Critical Security Controls 20;
- Vulnerability analysis of endpoints, servers and network perimeter;
- Analysis of network devices’ configurations;
- Analysis of cyber-security tools’ configurations;
- Development of practical recommendations to close vulnerabilities and harden corporate security.
CSI: CyberSec Checkup works perfectly for small and medium size companies, which have concerns regarding their security level and want to protect themselves.
CSI: Data Protection Checkup
Our experts conduct a comprehensive analysis of the processes, documents and IT systems involved in collection, processing, storage and protection of personal data for compliance with the requirements of GDPR and Russian Data Protection Law No 152-FZ.
CSI: Data protection checkup includes:
- Review of the processes and information systems involved in collection, storage and processing of personal data;
- Analysis of company’s approaches for ensuring the security of personal data;
- Recommendations for creating a personal data management system that complies with the provisions of the GDPR and Russian Data Protection Law No 152-FZ;
- Development of a roadmap for creating a personal data processing system that complies with the provisions of the GDPR and Russian Data Protection Law No 152-FZ.
Microsoft SAM GDPR project is a part of the Microsoft SAM Service program.
Penetration testing and vulnerability assessment
Active assessment of IT-infrastructure for vulnerabilities and emulation of real hackers’ actions facilitates testing of all aspects of your company’s security: technical and organizational. Our team utilizes different approaches in accordance with the agreement of the client: white or black box, various intruder’s models, social engineering.
Processes and environment:
- Software development process;
- Change management;
- Deployment and integration;
- Software update;
- Identity and rights management;
- Administration of IT components;
- Incident management and monitoring.
Security of technical components:
- Source code of applications;
- Application level software;
- System level software;
- Third-party services;
- Network components;
- Security systems.
Development of cyber-security infrastructure
Protecting the information and IT assets is a continuous process which requires a complex view. We combine fundamental knowledge in areas of cyber security and real-life experience in securing the companies, and investigation of cyber-crimes to develop efficient and business oriented security solutions.
We help our clients with:
- Development of cyber-security strategy;
- Development of easy to understand and implement policies and procedures;
- Hardening of servers and networks;
- Identification of business requirements to IT security tools and assessment of vendor offers;
- Classification and access control to sensitive information;
- Redesign of IT infrastructure to meet security requirements;
- Deployment and configuration of security tools: IDM, Encryption, DLP, SIEM, AV, etc.;
- Training of security personnel and development of security awareness program;
- Development of security operations centers;
- Independent audits of cyber security infrastructure.