REPLY S OFFER FOR BUSINESS SECURITY

Transcription

1 REPLY S OFFER FOR BUSINESS SECURITY Reply has an integrated, cnsistent and cmplete ffer t supprt its Clients in the develpment f suitable strategies and in the implementatin f adequate slutins fr the effective management f Business Security & Data Prtectin. Our missin is t enable ur Clients cmpanies t establish trust-based relatinships with their interlcutrs and enable the perfrmance f their business prcesses, by taking int cnsideratin all aspects relating t risks assciated t an IT System. THE DELIVERY MODEL Thanks t the cntributin f ver 200 emplyees, highly specialized in the main technlgies and slutins, in pssessin f ver 200 certificatins, and wrking actively at the mst imprtant Internatinal bdies and institutins, the Reply ffer in the field f Infrmatin Security cvers the fllwing sectrs: Prfessinal Services fr the develpment f ICT security slutins and cuntermeasures f the fllwing types: Infrastructural, with Netwrk and System Security slutins Applicatin, with SOA and Web2.0 Security slutins, Cde Review, etc Digital Identity Management, with Identity and Access Management slutins Cnsulting Services in fields like: Security Strategy & Cmpliance Security Gvernance Security Awareness and Training Managed Security Services delivered rund-the-clck by ur Security Operatin Centre IT Fraud Management thrugh Anti-phishing e Transactin mnitring cntrls Security Assessment in rder t assess security levels The delivery mdel allws the integratin and synergy f all these different aspects f IT security, which are strictly interlinked in rder t be able t thrughly cver the different aspects f Business Security. Reply

2 2 REPLY S OFFER FOR BUSINESS SECURITY BUSINESS SECURITY BUSINESS SECURITY ASPECTS. T develp a Security Prgram cvering all cmpany aspects and fcusing mainly n business aspects, it is necessary t have a methdlgical apprach enabling t start frm the analysis f the current situatin, f regulatry requirements and security bjectives, in rder t set up a slutin implementatin strategy. Such need stems frm the fact that Infrmatin Security cvers different fields: technlgical, functinal, rganizatinal, legal and ecnmic. Spike Reply, a cmpany f the Reply Grup, specialized in Security issues, develps Business Security prjects using a prprietary methdlgy able t adapt t the Client s specific requirements and checked using the best-f-breed technlgy slutins available n the market. ICT SECURITY PROFESSIONAL SERVICES PLANNING: This type f activity is essential t plan, assess and select the best slutins amng the pssible technlgical r architectural ffers available n the market. These ffers are cmpared with the real prtectin needs f the client, in rder t btain the best RI fr that specific slutin. The in-depth knwledge acquired n the grund allw Reply t master particularly cmplex architectures in a multiplatfrm envirnment develped fr different Infrmatin Security areas: Netwrk Security, System Security, Applicatin Security, Data Security, User Prfile Security in highly critical envirnments, as well as in high-perfrmance envirnments. DEVELOPMENT: A cmpany plicy has n real value if the technlgical cuntermeasures which have been planned are nt develped and implemented in a careful and skilful way. Reply s strngpint lies in the planning and develpment f ICT slutins, thanks t its excellent technlgical features, widely recgnized by the market. Thanks t the distinctive cmpetences and the strng synergies within the grup, Reply is able t develp different Security slutins, thus ffering turnkey slutins. MAIN THEME AREAS: The main theme areas cvered in this field are: Netwrk & System Security: Perimetral Security and IDS/IPS Hardening High Reliability Systems Lg management and Audit (SIEM) Applicatin Security: Safe Cding Cde Review Digital Signature / PKI

3 3 REPLY S OFFER FOR BUSINESS SECURITY SOA Security Web2.0 Security Applicatin and Web Firewall Data Security: Cntent Filtering Data Encryptin Desktp Security Database Security Data Masking DLP (Data Lss Preventin) User Prfile Security: Analysis and Planning f Identity and Access Management Slutins starting frm a prfile and prcess mdels up t the implementatin f supprt technlgical services like: Identity Management, Rle Management, User Prvisining Enterprise and Web Single Sign-n, Strng Authenticatin Federatin CONSULTING SERVICES CONSULTANCY: Reply s cnsulting cmpetence applies t all ur prjects, since the best security architecture risks t be inefficient if it is nt fllwed and managed by peple sharing the same principles, the same prcedures and behaving in a cnsistent way, thus cmplementing the technlgies and the physical measures adpted, in an effrt t prtect the cmpany s critical infrmatin against internal and external threats. Reply wrks in strict cntact with the client s cmpany and its envirnment, in rder t define principles, general plicies and security bjectives, as well as the security functinal rganizatin, by detecting which are the peple invlved and detailing the relevant rles, as well as specific respnsibilities and prcedures. MAIN THEME AREAS: The main theme areas cvered in this field are: Security Strategy & Cmpliance: Risk Analysis / Business Impact Analysis Security Integrated Plan (Security Blueprint, Security Radmap) Business Cntinuity & Disaster Recvery Plans and Systems (BS25999) Infrmatin Security Management Systems (ISMS; ISO27001) Dcumentatin System (General Plicies and Security Operatinal Prcedures) Privacy Cmpliance (D.Lgs 196/03): develpment f DPS and regulatry system Cmpliance with laws, regulatins and best practices (SOX, L.231, ABI, Basilea II, PCI-DS, ITIL...) Develpment and implementatin f Internal Cmpetence Centre and/r

4 4 REPLY S OFFER FOR BUSINESS SECURITY Security Operatin Centre Security Gvernance: Secure Applicatin Building (SSDLC; supprt t the SW develpment team; Cde Review) Mnitring dashbard and Security Indicatrs (Security KPI/KRI/KPO) Vulnerability & Patch Management IT Accident Management Security Awareness and Training with tailr-made curses, n the basis f the client s specific needs MANAGED SECURITY SERVICES SECURITY OPERATION CENTER (SOC). The Cmmunicatin Valley Security Operatin Center (SOC), a Spike Reply s assciated cmpany, is a physical and lgical unit, the nly ne in Italy, specialized in the delivery f managed and prfessinal IT security services. SOC wrks fr a number f rganizatins and, as a cmpetence center, is in pssessin f ver ne hundred certificatins. It is a true cntrl twer, manned 24 hrs a day, 365 days a year by a security team made up by analysts, systemists and testers, specialized in real time mnitring, security system management and security assessment respectively. SOC avails itself f an exclusive infrastructure (Enterprise Security Management), made up by a series f applicatins fr: security event management, attack patterns recgnitin, technlgy upkeep, Knwledge and Asset Management. SOC interacts and share service utputs with the client, thrugh a web-based prtal, easy t use and rich in cntents. SOC delivers the main IT Security Services which make up ur Managed Security Services ffer: Security Infrmatin and Event Management, fr the planning and develpment f slutins fr the cllectin and crrelatin f reliable data n the use f netwrk and its cmpnents, as well as f all infrmatin necessary t ptimize resurces, crrect cnfiguratins and inhibit behaviurs that may cmprmise the efficiency f the Infrmatin System Security Mnitring, fr the cntrl and detectin f netwrk anmalies. Netwrk and Security Device Management, fr the peratinal management f netwrk and security systems. Early Warning, fr the prmpt management f escalatins in case f meaningful events. Plicy Cmpliance, t adapt IT systems t the risk factr chsen t cmply with cmpany rules, standards and regulatins. Security Plicy, t peridically check and minimize the IT systems expsure, with regards t their vulnerability level.

5 5 REPLY S OFFER FOR BUSINESS SECURITY IT FRAUD MANAGEMENT FRAUD MANAGEMENT. Fraud is an intentinal damage caused fr ne s wn interests, in rder t btain nn-authrized benefits (mney, prperty etc.) in fields such as legal, cmmercial, fiscal, currency-related, sprts, fd and banking. Online Fraud means any type f fraud cmmitted thrugh the use f IT tls. The majrity f fraud cases cncern identity theft and impersnificatin in the credit, cmmercial, insurance and telecmmunicatins sectrs. Our reply t nline frauds revlves arund tw main activities: Anti-phishing, t minimize the risk f identity theft; Transactin mnitring, t blck any illegal activity carried ut with illegally acquired identity data. ANTI-PHISHING. Phishing is an nline fraud technique using varius methds t cheat the user and induce him/her t disclse persnal and sensitive infrmatin (username, passwrd, credit card number etc.). Anti-phishing activities are perfrmer using a series f specialized prprietary tls and ffering supprt, 24/7, by specialists wrking in ur SOC (Security Operatins Center). Our slutin includes the fllwing benefits: preliminary analysis f dmain registratin, rund-the-clck phishing incident detectin, analysis f each incident, targeted takedwn f the phishing netwrk, credential dilutin and insertin f bait credentials. TRANSACTION MONITORING. Transactin mnitring is a pwerful tl in rder t: Mnitr nline activities in a transparent way (bth during the lgin and pstlgin phase); Detect high-risk activities, reprt and recmmend apprpriate actins; Empwer financial institutins t effectively investigate the reprted high-risk activities; The indicatrs used by the system, which establish the calculatin f the risk level during a transactin cncern: User Prfile; IP Prfile; Mechanism Prfile. By gathering a high number f indicatrs fr each prfile type, the system establishes a risk level t which a specific actin may then be assciated.

6 6 REPLY S OFFER FOR BUSINESS SECURITY SECURITY ASSESSMENT THE ASSESSMENT: Once the best slutin has been chsen and develped, it is imprtant t cntinuusly mnitr the system thrugh Assessment sessins. The discvery f new intrusin techniques and new ways t cunteract and minimize attacks require the peridical assessment f the IT system security; this is necessary in rder t maintain crrect parameters f cnfidentiality, integrity, availability, authenticity, nn-rejectin and privacy. This assessment is carried ut in different ways, accrding t the specific bjective ne wishes t attain: systems and/r applicatins (EthicalHacking) external assessment; cnfiguratin internal assessment; infrmatin system passive test, thrugh cnfiguratin file assessment and interviews with administratrs and prgrammers; verificatin tests f peratinal and rganizatinal prcedures, f manuals and f their actual implementatin. These activities naturally lead t the cmprehensive management f the security level maintenance achieved thrugh the delivery f Managed Security Services by ur Security Operatin Center (SOC). MAIN THEME AREAS: The main theme areas cvered in this field are: ICT Security Assessment Security Check-Up (general assessment f security aspects (LOFTA)) Vulnerability Assessment (identificatin f IT security vulnerabilities) Ethical Hacking / Penetratin Test (identificatin and practical assessment f infrmatin gaps) Within the Reply Spa Grup, Spike Reply and Cmmunicatin Valley are cmpanies specialized in the field f Security and Persnal Data Prtectin. Reply develped a cmprehensive, integrated and cnsistent ffer, in rder t tackle any aspect f risks assciated t an infrmatin system: frm detectin f threats and vulnerabilities, t the definitin, planning and implementatin f technlgical, legal, rganizatinal, insurance r risk retentin cunter-measures. Cmmunicatin Valley is a Managed Service Prvider specialized in the security management f cmplex netwrks. Its slutins are applied t all types f data and vice netwrks: wireless and wired, traditinal and VIP. Its prtfli includes security assessment, security device management and real time mnitring activities. Cmmunicatin Valley can bast a Security Operatins Center where security specialists are active H24x365. The Reply missin is t allw its custmers t perfrm their business in a secure envirnment, thus supprting them during the develpment and implementatin f adequate strategies and slutins, fr an effective management f Infrmatin Security. Spike Reply