Cymsoft Information Technologies

Transcription

1 1 Cymsoft Information Technologies Dr. Cemal Gemci CEO

2 2 CYMSOFT? Established in 2006 in Ankara/Turkey. Main Activity: Provides Information Security solutions in each area of ICT. Focused on consultancy based on IT security. Representative of IT security products. R&D in ICT. Penetration tests. Information security training.

3 3 OBJECTIVES Carry out applied research in the fields of information security management processes. Develop conceptual and methodological state policy foundations of information security and creation of social and technical innovations. Prepare high quality specialists in the fields of information security innovations, knowledge and technology management. Cymsoft Bilisim Teknolojileri

4 4 OBJECTIVES Analyze, assess, detail the solutions made by the Government or other authorities for the development of governmental politics in ICT Security. Provide methodological support as well as proposals and independent assessment for state government, social groups and other persons involved in the development of national ICT Security subjects strategies. Cymsoft Bilisim Teknolojileri

5 5 AREAS OF INTEREST Trustworthy ICT ICT for governance and policy making e-learning Information Security Artificial intelligence Knowledge Engineering

6 6 Information security, compliance tools Talented on gap analysis, asset inventory management, RM/RA and documentation required by the Standards. Expert system OUR EXPERTISE Machine learning Knowledge engineering

7 7 INFORMATION SECURITY Consultancy on establishing an ISMS. A systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process. It can help small, medium and large businesses in any sector keep information assets secure. Let the organizations develop and implement a robust framework for managing the security of their information assets, including financial data, intellectual property, employee details, and information otherwise entrusted to them by customers or third parties.

8 8 INFORMATION SECURITY SISMS-HEALTH Using an application software: Cymsoft s Smart Information Security Management System for Health Organisations SISMS-Health is a tangible indicator of Cymsoft s experience on establishing ISO/IEC Information Security Management System. Distinguishing characteristics of SISMS-Health; Detecting hardware assets on network and recording assets manually, Collecting and evaluating the assets under an asset group, Calculating the asset values with three different method,

9 9 INFORMATION SECURITY SISMS-HEALTH Distinguishing Characteristics of SISMS-Health; Usage of five different risk evaluation methodologies four of which qualitative (including Octave Allegro) and one quantitative, Automated determination of threats, vulnerabilities and risk values of assets (including asset groups) according to asset categories, Ability of adding own asset categories, Information asset types identified, categorized and updatable thread and vuinsurability types related with this assets types on system,

10 10 INFORMATION SECURITY SISMS-HEALTH Distinguishing Characteristics of SISMS-Health; Automated determination of protective controls against the vulnerabilities towards information assets, Ability of adding own protective controls and relating them with threats, Preparation of Inventory of Assets, Risk Evaluation Report and Statement of Applicability (SoA), Ability to perform Gap Analysis, Automated documentation of mandatory documents included in the Standard, Multilanguage and help support,

11 11 INFORMATION SECURITY SISMS-HEALTH Distinguishing Characteristics of SISMS-Health; Defining different user roles and different authentication for different types of roles, LDAP integration for user management, Defining organizational title, business sector, company logo, address information, hierarchical organization unit chart, and business processes, Defining correlation between assets, business processes and organizational units, User friendly web based software, Low cost advantage.

12 12 R&D PROJECTS (COMPLETED) Smart Information Security Management System (SISMS); An ISMS (RA/RM tool) which uses an expert system for establishing, implementing, operating, monitoring, reviewing, documenting, maintaining and improving information security management.

13 13 R&D PROJECTS (COMPLETED) SISMS has been included in Information Security Management Tools by ENISA (European Network Information Security Agency) on April _tools/t_sisms.html

14 14 R&D PROJECTS (COMPLETED) SISMS for Health Organizations providing full compliance with the standard ISO/IEC Health Informatics Information security management in health using ISO/IEC SISMS for Telecommunications Organizations providing full compliance with the standard ISO/IEC Information technology Security techniques Information security management guidelines for telecommunications organisations based on ISO/IEC

15 15 R&D PROJECTS (COMPLETED) Although both standards (ISO and ISO 27799) are based on the standard ISO 27002, differences are; ISO has 26 additional control subjects and 13 extended control sets, ISO has additional explanations on 64 controls for health applications.

16 16 R&D PROJECTS (COMPLETED) Realization of a real time Web Application Firewall Algorithm to prevent web based attacks. A new algorithm for realtime network traffic monitoring.

17 17 R&D PROJECTS (ONGOING) Development of Integrated Information Security Management System Compliance Tool (ISMS integrated threat control system) Development of Smart House/Building Energy Management System (SHEMS) (System is going to learn human, especially disabled people behaviour inside the house and remote control) Design and Development of a WI-FI Baby Monitoring Device (WI-FI media)

18 18 PENETRATION TESTS During the management of information security process, by producing special scenarios, with internal and/or external technical, physical and social engineering methods, penetration tests are applied. Action after tests: technical and management level corrections report to improve security level and application of these corrections.

19 19 INFORMATION SECURITY TRAINING ISO/IEC Information Security Management System basic training, ISO/IEC Practise training, IRCA Approved ISO/IEC Internal Audit training, ISO/IEC Risk Evaluation training, Information Security Awareness training, Senior Management level Information Security Management training,

20 20 INFORMATION SECURITY TRAINING BS Data Protection Management Standards for Personal Information Management System training, ISO/IEC Health Informatics Information security management in health using ISO/IEC Standard training, ISO/IEC Information technology Security techniques Information security management guidelines for telecommunications organisations based on ISO/IEC Standard training,

21 21 INFORMATION SECURITY TRAINING ISO/IEC Information technology -- Security techniques -- Guidelines for information and communication technology readiness for business continuity Standard aareness training, Computer Forensics training, CISSP, CISA, CISM, CEH training.

22 22 Cymsoft Information Technologies