Design and implementation of information security systems
We offer a wide range of custom-tailored information security services considering business aspects, industrial standards and national regulatory requirements.
Information security (IS) of any company is an integral part of business risk management. The ISO 27000 series of international standards and best practices define a comprehensive approach to information security and specify strategic, immediate and tactical solutions. They strongly recommend implementing an information security management system (ISMS) within an organization. An ISMS is a set of policies concerned with establishing, implementing, maintaining and continually improving information security management within the context of the organization, which ensure confidentiality, consistency and accessibility of the information, and compliance with legislative requirements.
Rapidly changing market conditions require constant modernization of the organization's IT infrastructure, which in some cases leads to new IS risks. An ISMS makes it possible to identify these risks and respond with adequate solutions, while developing the necessary organizational procedures and implementing new software and technical solutions for protecting the information.
We offer a range of services to assist you in developing and implementing a relevant and sustainable ISMS to:
- Define the information security policy
- Assess the security of information systems
- Conduct an information security audit
- Conduct a risk assessment and select adequate solutions
- Assist in developing the required ISMS documents
AIM SYSTEMS has long experience in implementing and maintaining ISS, and offers a number of state-of-the-art solutions for:
- Protection against unauthorized access
- Corporate network border security
- Setting up secure remote access
- Organizing secure communication channels
- Data Leak Prevention (DLP)
- Intrusion detection systems (IDS)
- Protection of virtual and cloud infrastructure
- Protection of personal data and trade secrets
- Protection of information on personal workstations and removable media
- Protection of servers, DBMS and applications
- Protection against viruses and spam
- Securing work from mobile devices, deploying MDM systems and implementing a BYOD policy
- Security Information and Event Management (SIEM)
- Detection of vulnerabilities in network devices, systems and applications
- Detection of vulnerabilities in source code
Industry practices in the field of Information Security
Certain industries require special IS solutions and compliance with the legislative regulations of the Russian Federation. In the financial industry, in particular, compliance with the BR standard and PCI DSS shall be demonstrated, and special systems for financial fraud prevention shall be used. For Fuel and Energy organizations, federal regulation 256-FZ ‘On safety of Fuel and Energy facilities’ and Order No. 31 of FSTEK of the RF shall apply. We offer our assistance in upgrading customers’ automated systems to meet such requirements.