Why Do you need an Information Security Management?
Today business contexts are very complex (virtualized, on cloud, in large datawarehouse, providing disaster recovery, on mobile devices, using VoIP, on social networks, using innovating technologies, answering to exigent customers with evolving pricing models, …).
Any organisation have to evaluate both legal and business risks when storing and presenting its own data on a so mixed public or private network.
How do we integrate security as a critical component in customer business processes?
The risk analysis and related technical actions must agree with business processes continously evaluated to strongly align security strategy with business strategy.
Our experience and focus on Information Security Management is oriented on the following aspects:
- Network assessment and risk analysis providing security checklist (PDCA model: Plan, Do, Check, Act) for an acceptable ROI.
- Firewall design and configuration
- Intrusion Detection&Prevention Systems (IDS/IPS) design, configuration
- Continous Logging monitoring with Incident Reporting
- Vulnerabilities testing with Analytical tools (Nessus, Wireshark, …)
- Asset management
- AntiSpam tools and content monitoring
- Centralized Antivirus and Patch management
- Identity and Access management
- Consultancy services for the Courts (Procura della Repubblica e Tribunale di Torino).