Information Security

Information Security

There is no secret that information security nowadays is a cornerstone of organization’s activities whether it’s large retail or public organization. It is quite obvious that without competent and skilled professionals in this area it is virtually impossible to ensure confidentiality and integrity of information on the highest level. Worth to say such kind of professionals are the core of the IT-Escort company and, moreover, they have wealth of experience in the information security field.

IT-Escort is one of the top-ranked companies in Ukraine in providing information security services. We are specialized information security competence center for the design and deployment of integrated solutions creating the security perimeter of large enterprises, government agencies, infrastructure, municipalities and distributed information systems. Our certified staff cover up a wide range of issues related to both the audit and the implementation of information security systems, as well as the construction of multilevel data protection concepts.

Actually, an audit of enterprise information security management systems (ISMS) is a priority area of the company’s activities. We conduct a thorough and professional audit of the ISMS. If the ISMS is not implemented in the company, we assist to prepare the company for its implementation and we provide auditing of the current information systems and regulations as well as draft a recommendation report for the implementation of the ISMS in the company.

The audit is carried out only by the team’s certified project manager (Project Management Professional) and certified specialists in the field of auditing and implementing information security systems according to the standards: IEC/ISO 27001, ISO 20000, IEC/ISO 31010 и IEC/ISO 9001.

IT-ESCORT offers a full range of services and effective solutions for data protection from external attacks:

AN AUDIT OF THE ISMS:

IT-Escort analyses and evaluates the compliance of the Customer’s Information Security Management System (ISMS) with the existing requirements of world-wide standards for information security management. In particular, we analyze already implemented security policies, organization of information security, human resource security, resource management of the ISMS, access control, cryptography, business continuity management, communications security etc.

Carrying out the audit our experts analyze and evaluate:

  • ISMS Documentation (the following docs are examined: standards, implemented and developed by the Customer, policies, procedures and other regulatory documents regarding the operation of the information infrastructure and information security);
  • Information Environment (where are examined: types of information flowing in the information infrastructure, and the requirements for its protection; types of objects where information is stored; information flow schemes; modes of access to information; information carriers and a framework to work for them, etc.);
  • Physical Environment (where are estimated: existence of enterprise security perimeter and access control; categories of premises where the information infrastructure components are located; availability of security and fire alarm systems, video surveillance systems and access control to the premises; access to the physical environment components of the information infrastructure; storage conditions for opto-magnetic, magnetic, paper and other data carriers; availability of design and operational documentation for the components of the physical environment; etc.);
  • Technological Environment (where are analyzed: structure of the equipment, hardware and software means, configuration features, their communications, architecture and topology, software and hardware tools for information security, interaction and layouts of the security equipment; types and characteristics of communication channels; hardware and software usage restrictions; availability of the information infrastructure documentation and its components; etc.);
  • User Environment (where are examined: availability of security information service, its functions and responsibilities; categories of users according to their authority level; user’s power to organize access to information processed by the Customer; user’s authority to manage security tools or mechanisms; availability of regulatory documents governing the activities of the organization staff, aimed to ensure the security of information; etc.).

According to the audit results in the case of non-compliance with standards, the Customer will receive a report and recommendations for finalizing the information security management system. The results of the work can be considered as the first stage in the construction and further certification of the information security management system for compliance with the requirements of the international standard ISO/IEC 27001. The estimated duration of work completion is from 1.5 to 2 months.

DESIGN AND CONSTRUCTION OF THE ENTERPRISE INFORMATION SECURITY PERIMETER

Concept development and construction of the security perimeter of the information infrastructure with the highest level of business protection, information systems, as well as guaranteeing the continuity of business processes. The company posses long-standing and successful experience in risk management, designing reliable security systems, certified engineers in the implementation and maintenance of equipment and software.

Undertaking the project, we pay thorough attention to how to manage potential risks, including:

  • organizing monitoring and traffic control of the corporate network, external connections, implementing SIEM (Security Information and Event Management), firewalls, IPS (Intrusion Prevention System), etc.;
  • unauthorized access to the corporate network, including through wireless access;
  • monitoring and suppressing of rogue access points;
  • ensuring data integrity and its protection on servers and storage systems, including user data;
  • reliability and security of the existing virtual environment;
  • reliability and security of used cloud services;
  • the integrity of backups (data archives), their protection and rapid data recovery possibility;
  • data encryption and its transmission channels;
  • antivirus protection, anti-spam, risk management of the unauthorized software running;
  • unauthorized attempts to take away office-equipment and impact on it;
  • risk prevention of commercial information leakage, implementation of DLP – Data Leak Prevention systems.

IMPLEMENTATION OF VIDEO SURVEILLANCE AND FACE RECOGNITION SYSTEMS

IT-Escort offers a range of video surveillance and face recognition services based on NEC RECOGNITION SYSTEM products, which is the world leader in the analytic systems and dynamic face recognition in the flow of people. This complex includes a broad network of surveillance cameras installed in the most crowded places, shopping and entertainment centers, critical infrastructure facilities and other locations requiring continuous monitoring.

VIDEO ANALYTICS IMPLEMENTATION

We also implement software and hardware systems with a video analytics system, as part of a single security perimeter. The introduction of analytics systems of unstructured data for analyzing video, audio and text content based on the product HP Autonomy IDOL.

ACCESS CONTROL SYSTEMS

Within the framework of construction of the general security concept and staff control system for an enterprise or institution including work schedule, IT-Escort offers a number of proven solutions: access control to the premises, access to floors and office. It can be customized. Identification of users of this system is possible both using contact-less cards and using bio-metric methods: fingerprints, face recognition, retinal scanning, identification of the pattern of the veins of the palm. This solution can work together with the video surveillance system and bind the time and place of passage of the perimeter borders with the recording on the cameras, which will allow a quick search in the video archive.

DESIGNING AND CONSTRUCTING THE SECURITY PERIMETER

Using various technologies, IT-Escort designs and constructs perimeter security systems depending on Customer’s budget and terrain conditions. For instance, it might be solutions based on the following technologies:

  • infrared sensors installed on the fence pillars;
  • seismic sensors installed into the ground around the perimeter of individual buildings or the territory overall;
  • fiber optic cables serving as seismic sensors in response to vibrations. This technology can be applied to protect the means of communication, main pipelines and other infrastructure facilities, which are spread over long distances.