Creation of Information Security Systems
Every organization using information technologies to automate business processes faces the problem of information security assurance. Large number of potential threats, both incidental and intended, can cause serious damages to the company activities and prevent from achievement of business aims.
Information security systems allow companies to provide substantiated warranties to owners, business partners, investors and clients that the IS task is duly solved. In its turn, this ensures the company competitive advantages demonstrating competence on IS threat control which are the main part of all operation risks.
Open Technologies offers effective solutions in the field of information security.
Our information security systems (ISS) allow:
- to protect all forms of information from unauthorized collection, modification, leakage and deletion;
- to prevent damages in these cases;
- to ensure normal IT operation according to requirements;
- to comply with requirements of legislative and regulatory documents;
- to ensure growth of trust from the clients' and partners' side.
- to optimize expenses of IS assurance in organization.
The main principle Open Technologies bases on in information security assurance consists in the idea that IS assurance shall be based on organization-wide complex and system foundation by creation of information security system (ISS). The ISS is a complex of technical, procedure, organizational and legal measures unified on the basis of IS management model. The figure displays main elements which can be included into ISS:
Methodology of IS control is based on approaches of the international standard ISO 27001. This standard based on risk management methodology stipulates general principles of construction and requirements to information security management systems (ISMS).
The choice of IS assurance practices is defined by ISO27001, ISO17799 standards as well as requirements of national regulatory documents such as the standard of the BR "IS assurance in the RF bank system organizations" and RD FSTEC.
The offered ISS approach provides you with the following advantages:
- possibility to organize effective and economically viable solution of the general IS assurance task according to requirements;
- possibility of in-house support and improvement of IS assurance in case of changes in IT infrastructure, business-processes, legislation requirements, relevant threats and vulnerabilities;
- possibility to demonstrate compliance to requirements of legislative and regulatory documents, both Russian (BR standard, RD FSTEC, etc.) and international ones (Sarbanes-Oxley Act, Gramm-Leach-Bliley Act which is relevant for companies working at the Western markets);
- official certification on compliance to ISO 27001 in order to provide quality confirmations.
Experience and qualification of our specialists allow integration of a wide range of security means into unified ISS. We also supply and provide technical support of IS assurance hardware and software made by various manufacturers.