Cyber Security solutions

Transcription

1 Cyber Security solutions

2 The scenario IT security has become a highly critical issue for all businesses as a result of the growing pervasiveness and diffusion of ICT technology. Risks can arise both inside and outside organisations, and even a banal error in a software application can make a company vulnerable, compromising the confidentiality, integrity and availability of its IT resources and intellectual property. Critical infrastructures in both public and private sectors are increasingly dependent on distributed information systems to deliver services that are essential for the well-being of the country as a whole. Energy transmission and distribution networks (electric power, gas), telecommunications, transport management infrastructures (maritime, rail, air), the health care system and the financial sector are becoming increasingly complex and interdependent. If they malfunction, even for a limited period, it can have a negative

3 impact on the economy, cause financial losses and, in certain cases, could put the security and safety of people and things at risk. In the light of new business models, companies are being forced to review their approach to managing risk and identifying strategies to reduce the vulnerability of critical infrastructure, with the general focus moving away from defending IT assets, to protecting services by upgrading analysis and monitoring capabilities. Security is even more critical for companies that process their customers sensitive data, because national and international laws make organisations and their managers legally responsible for security and privacy violations. Businesses therefore need to implement security systems in response to regulations and legislation.

4 Cyber crime represents a constantly changing threat that requires the support of security experts, permanent system and network monitoring, and therefore significant investment in both competences and resources. S has more than 10 years experience working in cyber security. Drawing on a dedicated organisation, a consolidated approach and constant investment in resources and technology, the company provides public and private organisations with a comprehensive security strategy covering organisational, technological and compliance issues. Our approach focuses on understanding the customer's specific needs, main concerns and unique business drivers, with careful adaptation of our solutions and processes accordingly. The customer retains total control over strategic decisions and benefits from a personalized combination of services, delivered to the highest standards of quality and expertise. Experience gained in various market sectors as Defence, Banking and Finance, Public Safety & Security, Telecom - munications, Emergency Services, Energy and Gas Production and Distribution, Health Care, Transport, enables us to

5 understand both the business and security needs of critical infrastructures. This requires a profound understanding of processes and operations, in order to provide companies with guarantees that their services will be delivered seamlessly to users. Close collaboration with top security players, universities and research centres has enabled us to develop solutions that combine advanced technology with innovative calculation systems to manage risk and prevent attacks: the Cross Correlator, a system which correlates logical and physical events, analysing not only the IT network but also the critical infrastructure, and tracking event occurrence trends; and the Threat Management System (TMS), a software package that analyses the information in an organisation and correlates it with proprietary and open source vulnerability databases, in order to determine the level of exposure of the information system to existing threats.

6 Reference model The S approach includes assessment of all cyber assets, risk analysis, network design review, and monitoring and management of the entire security strategy to ensure the protection of critical assets. We offer expertise, tools, infrastructure and outsourcing solutions through a team of highly qualified, certified specialists who are kept constantly up-to-date. Services provided range from the design, implementation and management of secure communication networks, to the development of security policies, through to service level monitoring, training and assistance.

7 Certifications UNI EN ISO 9001:2008 Information Security: ISO/IEC 27001:2005 SOA: OS19 Category VI grade NOSC Business Continuity BS Safety OHSAS LSR18.6E Certified Datacentre Infrastructure (Lampertz Room) Resilient Infrastructure with Disaster Recovery Datacentre and UPS ISO SOC and Datacentre certified perimeter

8

9 Service portfolio Managed security services The Security Operation Centre (SOC) provides a flexible and comprehensive set of management and monitoring services that can be quickly tailored around any company s specific needs. Security services offer efficient, around-the-clock perimeter security with real-time monitoring, devices maintenance, event correlation, and analysis of the customer's infrastructure and critical applications for rapid response to security threats. Firewall and IP VPN Management Real Time Security Monitoring Security Intelligence Security Devices Maintenance Ethical Hacking CSIRT/CERT Services Security solutions A team of security experts designs and builds complete custom solutions to meet a company s specific security requirements and improve productivity. We offer turnkey solutions based on an analysis of customer needs, comprising architecture and design specification, implementation, and on-site integration. Services include the design of custom SOCs, secure collaboration solutions (Unified Communication and Messaging), information management with a particular focus on document classification and protection, and secure web applications. Network and Application Design Value Added Services Data and User Protection Data Loss and Leakage Prevention Secure/Certified Mail PKI and Digital Signature Message and Document Protection Document Secure Dematerialization

10 Risk management and consulting Professional IT security management services to help organizations identify potential risks and evaluate them, and to provide recommendations to mitigate the threats identified. The tools, techniques and methodologies adopted are tested in the field and combined together to provide the best solution for the company s risk management requirements. ICT Risk Governance Information Security Management Systems (ISO 27001) Cobit Framework Audit & Assessment Compliance (D.Lgs. 196/2003, L. 262/05, D.Lgs. 231/01, Sarbanes Oxley Act) Basel II Enterprise fraud management A series of innovative services based on the integration of technology, policy and processes to enable proactive fraud prevention and remediation. Anti-phishing Transaction Monitoring Alert Management Data Breach Response

11 Application security Evaluation of vulnerabilities in applications, taking account of the security posture of an application across the development life cycle, enabling companies to identify, eliminate, and prevent security risks in their software. Web Application Security Code Review Application Security Testing Social Networking Security Critical infrastructure protection A program for all industrial enterprises and sensitive infrastructures that need a complete security strategy able to address processes, people and technology. The approach includes assessment of all cyber assets, risk analysis, network design review, monitoring and management of the entire security strategy to ensure the protection of critical assets. Cyber Asset Identification Security Management Personnel and Training Perimeter Security Physical Security Systems Security Management Incident Reporting & Response Recovery Plans

12 For more information please Selex ES S.p.A - A Finmeccanica Company This publication is issued to provide outline information only and is supplied without liability for errors or omissions. No part of it may be reproduced or used unless authorized in writing. We reserve the right to modify or revise all or part of this document without notice Copyright Selex ES S.p.A. CODE: e-sec-ed-114/v1/11/z