The Center offers a full cycle of information security system implementation activities, including:
- Information security evaluation, audit, risk analysis;
- Development of organizational methods and procedures for ensuring information security; design of technical information security systems;
- Delivery and implementation of information security facilities and systems;
- Attestation and certification of implemented systems;
- Maintenance, outstaffing, and outsourcing.
Business Oriented Solutions
Aimed at accomplishing various business tasks: from ensuring the security of key business processes and the entire scope of business operations to reducing IS costs and assuring company revenue:
- Ensuring business continuity/disaster recovery (BCP/DR), development of a Business Continuity Management (BCM) process;
- Creation of a centralized access rights management system (IdM);
- Establishment of electronic fraud management and revenue assurance functions (FM/RA);
- Protection of Enterprise Resource Planning (ERP) systems;
- Integrated protection from critical business data leakage (DLP).
Process Oriented Solutions
Aimed at establishing efficient information security management processes, controlling these processes, and minimizing the risks:
- Creation of an Information Security Management System (ISMS) in accordance with the ISO/IEC 27001:2005 standard requirements;
- Construction of information security operation centers (SOC), including implementation and automation of monitoring, incident, vulnerability, and compliance management processes.
Industry Specific Solutions
Aimed at countering security threats and ensuring compliance with requirements specific to companies and organizations in different industries/areas of economy:
- For financial organizations: ensuring payment system compliance with the requirements of PCI DSS standard (including certification), implementation of Bank of Russia standard STO BR IBBS-1.0-2010 requirements and related audit, compliance with personal data protection legislation (Russian Federal Law No. 152 dated 27.07.2006), assessment of information security risks related to Basel II agreement, etc.
- For telecommunication companies: creation of systems for providing information security services to telecommunication service subscribers (content filtering, anti-spam, etc.), protection of data transfer networks, communication network attestation and certification for compliance with information security requirements, SIA implementation, FM/RA solutions.
- For Fuel and Energy industry and companies: protection of SAP ERP systems, protection of automated process control systems and critical technology processes.
- For government organizations and law enforcement agencies: information security audit for compliance with Russian legislation requirements, implementation of requirements presented in FSTEC and STR-K documents, preparing automation objects for attestation and their attestation proper, information system certification for compliance with the GOST R ISO/IEC 15408-2-2002 standard, development of personal data protection solutions, creation of secure electronic document management system.