ICT Security. High-Quality Information and Know How Protection. Design and implementation of security. Covering almost all of ICT security

Transcription

1 ICT High-Quality Information and Know How Protection Design and implementation of security solutions optimised to meet the client s needs Implementing state-of-the-art hardware and software security products Certified security professionals Rich experience with implementations of security solutions Covering almost all of ICT security products and services Great added value and the price/quality ratio while maintaining the desired level of security Deep business requirements, business continuity, and technical capabilities insight

2 Supervision of Terminal Equipment Penetration Testing of ICT Environment Strategy Audit of Infrastructure & Compliance Physical Identity Management Audit & Compliance We provide independent security audits of deployed or existing systems and solutions. Such audits proves their compliance with internal company rules, as well as to make sure the operation of the ICT environment meets any required applicable regulatory and legislative requirements. Identification and analysis of drawbacks help us define a risk list, which we use to provide suggestions for specific remedial measures to eliminate the risk of penalties, sanctions, or failures. Fig.1 ICT Environment Products and Services in ICT Environment Unicorn Systems is a experienced provider of complex ICT security products and services. The services we provide include solution auditing, analyses, design, and implementation across the ICT field. We implement solutions in accordance with agreed process methodologies and company regulations; our solutions comply with applicable ISO standards. We use the right approaches, processes, and solutions to help our customers ensure that only authenticated and authorized entities (people, applications, systems) access their information, data, and systems. When implementing ICT security projects, we observe three underlying principles: Confidentiality Integrity Availability We apply these principles in the following areas: Properly implemented ICT security to the environment can prevent financial and other losses. Such losses may include: Direct financial losses caused by production or sales activities outage Reputation loss by consumers or suppliers in the competitive market environment Loss of critical know-how Costs inefficiently spent on incident resolution and information security We help to improve services, pro cesses, and implementations in a methodical way by cyclical repetition of precisely specified activities plan, do, check, act (PDCA). Penetration Testing We provide efficient penetration testing to check how your ICT environment resists to old and new threats. Early identification of information system vulnerabilities is an important part of the overall ICT environment security. Our professional team of experts performs efficient security testing using proper testing methods to test the condition of information system in various stages of its lifecycle. Basic vulnerability testing is carried out using automated tools which detect common system vulnerabilities. Documentation analysis and perform static testing at the code analysis level to identify drawbacks in early development stages. We simulate attacks on known and unknown systems afterwards we help to eliminate identified vulnerabilities we make recommendations or implement Strategy Efficiency over time Cost Optimisation Standards Classification and Regulations of Assets Technical Requirements SLA Fig. 2 Strategy and its Outputs for Cost Optimisation over Time

3 Input Information Test Definitions Environment Mapping Testing Fig. 3 Penetration Testing Process security precautions in cooperation with the customer s IT team. We help your internal IT department to fix any identified drawbacks. Infrastructure The ICT infrastructure is a key part of your ICT environment, so we pay special attention to proactive protection of your infrastructure from malicious attacks. Cyber attacks may affect performance or even disable your online systems. We deploy and set up multi-layer firewalls to efficiently detect and prevent malicious incoming and outgoing data communication. We integrate Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) into your existing environment. Early detection of a (D)DoS (Distributed Denial-of-Service) attack allows for better protection of data networks and information systems. We implement powerful analysis and spam detection solutions in your Outputs Presentation Suggested Vulnerability Fixes Cooperation with IT Department existing environment. We apply and enforce security policies and settings to provide server protection. We design and execute performance and configuration testing to check the capabilities and stability of your infrastructure; we also test existing IT solutions for infrastructure and other vulnerabilities. End User Device We secure new and existing end user devices used in business environment. threats constantly grow with all new end user devices (including mobile and smart devices). We offer an efficient solution including up-to-date, functioning security software, a properly configured firewall, and a deployed data protection system. We deploy both centrally managed security solutions and local antimalware systems to provide underlying security for all end user devices and protect your information systems from intrusion and malicious code (viruses, phishing, spyware, rootkits, and more). Based on your requirements, we suggest and deploy appropriate encryption methods to protect your file systems, communication, and transport of sensitive information. We also use MDM (Mobile Device Management) solutions to support security of your mobile and smart devices. Central management of mobile devices, enforcement of internal regulations, and management of data security make significant contributions to protection of your business environment. Centralised Management and Administration Encryption MDM of Mobile Platform Fig. 4 of Mobile Platform and its Underlying Components Identity Management Management of user access and authorization to applications and systems is an important part of ICT environment security. We support systematic

4 management of access, user accounts, and roles with a powerful software solution during their entire lifecycle. We deploy and administrate identity management tools, integrating partial solutions to internal systems of your company. We design and integrate SSO (Single Sign On) systems to enhance your protection, improving work efficiency and providing users with access only to those systems and applications they are entitled to access, without the need to remember multiple credentials. Identity Management Single Sign On Fig. 5 Integrated Authentication Components Physical We provide protective equipment, such as CCTV and IP based camera systems, for business operations and premises of your company, installing comprehensive electronic access control and security systems and alarms, and providing installations in data centres and server rooms. We design and install electronic security systems, connecting them to your central security board. We deliver and install electronic access systems to control access permissions of your workers Two-factor Authentication Integration and keep records of their presence. We design and implement CCTV and IP based camera systems to immediately alert you to unauthorised intruders and their movements; we also integrate physical security systems to your other ICT systems. Monitoring Systems Monitoring and assessment of the health of system components is an important part of IT security. For this purpose, we design and deploy appropriate monitoring and tracking solutions. With such tools, we can uncover and identify your security risks at an early stage, preventing later emergencies and disaster situations. We design and deliver suitable Information and Event Management (SIEM) tools to gather data from various systems and devices, provide real-time monitoring of network traffic and processes, and offer a single view of your current security position. We design user authentication systems to meet your requirements and provide the authentication necessary for specific asset classes (e.g. required two- -factor authentication using smart cards or tokens, etc.). Subsequent user authorisation shall securely define specific permissions and competency scopes. Supervisory Systems Vulnerability Detection Fig. 6 Protection of Confidential Data Data Leak Prevention Reporting & Notifications Data Protection Early identification of information system vulnerabilities is an important part of the overall ICT environment security

5 We implement Data Loss Prevention systems. With these complex platforms, you can define your data confidentiality level, specifying which users may perform what operations on what classified data. We install efficient Vulnerability Management tools, scanning your network and searching for new vulnerabilities of used devices and information systems. We provide testing, monitoring systems, and enforcement of corporate standards and processes on user and application activities. Why Pay Attention to Your ICT Environment? The absence of any security strategy, poorly verified user access and risky behaviour of users, neglected monitoring systems over network activities, unchecked data handling and poor data classification, unprotected systems and terminal devices, incorrectly set-up security systems and components these are the threats which may seriously compromise your trustworthiness and your business. A thorough analysis of your current security state, followed by implementation of appropriate software solutions, preventative measures, and binding standards may significantly reduce the costs of incident resolution. A comprehensive security solution implemented by a reliable partner in compliance with applicable ISO standards and agreed process methodologies ensures smooth operation and further development of your ICT infrastructure. Unicorn Systems is ISO 9001, ISO 10006, ISO 14001, ISO 20000, and ISO certified to provide ICT solution delivery services. Unicorn Information System Unicorn Systems lets its clients share information through the Unicorn Information System, which is operated by the Plus4U internet service. The Unicorn Information System gives each authorized user 24/7 access to information about any supported project or provided service. Anytime and from anywhere, a client user will have access to documents and information on the status of a project and every user will always be able to communicate with other members of the project team. Added Value We have comprehensive knowledge of ICT security and rich experience and references from this field. We have an expert team with extensive process and technological know-how. We have the knowledge of and the experience with changes to business processes and environments. When it comes to ICT security, we work with strong technological partners, so we can offer multiple solution variants and choose the one to bring you the greatest added value. We can design and provide ICT security as a service.

6 Unicorn SYSTEMS References BritNed Development Ltd. Central Allocation Office GmbH ČEPS a.s. Česká pojišťovna a.s. JOHNSON CONTROLS FABRICS STRAKONICE s.r.o. Komerční banka, a.s. Modrá pyramida stavební spořitelna, a.s. nkt cables s.r.o. ORIFLAME CZECH REPUBLIC spol. s r.o. Raiffeisenbank a.s. About Unicorn Systems Unicorn Systems is a renowned European company providing the largest information systems and solutions in the area of information and communication technologies. We have focused on providing high added value and a competitive edge to our clients for many years. We have been operating on the market since 1990 and since then we have created a series of high-end largescale solutions that are extended and used among the most important companies Unicorn Systems a.s. info@unicornsystems.eu SG Equipment Finance Czech Republic s.r.o. SOR Libchavy spol. s r.o. Správa úložišť radioaktivních odpadů Státní ústav pro kontrolu léčiv ŠkoFIN s.r.o. TenneT TSO B.V. Vysoká škola chemicko- -technologická v Praze WOOD & Company Financial Services, a.s. Unicorn Systems is a member of Unicorn Group, a dynamic company providing comprehensive services in the field of information systems and information and communication technologies. All names, companies, company logos etc. are protected symbols or registered trademarks belonging to respective owners. Graphic layout: VIG Design s.r.o. VGD Photo Jiří Matula. Copyright Unicorn Systems a.s., USY2032EN01 in a variety of sectors. We have the best references from companies in banking, insurance, energy and utilities, communication and media, manufacturing, trade and the government. Our customers are not only the largest companies but also market leaders. We have detailed knowledge of the entire spectrum of all business sectors. We understand the principles of their operation as well as comprehend the specific needs of our customers.