Cymsoft Information Technologies

1 Cymsoft Information Technologies Dr. Cemal Gemci CEO

2 CYMSOFT? Established in 2006 in Ankara, Turkey. Main activity: provides information security solutions in every area of ICT. Focused on consultancy based on IT security. Representative of IT security products. R&D in ICT. Penetration tests. Information security training.

3 OBJECTIVES Carry out applied research in the field of information security management processes. Develop the conceptual and methodological foundations of state information security policy and create social and technical innovations. Prepare high-quality specialists in the fields of information security innovation, knowledge and technology management. Cymsoft Bilisim Teknolojileri

4 OBJECTIVES Analyse, assess and detail the solutions adopted by the government or other authorities for the development of governmental policy on ICT security. Provide methodological support, proposals and independent assessment for state government, social groups and other parties involved in developing national ICT security strategies.

5 AREAS OF INTEREST Trustworthy ICT; ICT for governance and policy making; e-learning; information security; artificial intelligence; knowledge engineering.

6 OUR EXPERTISE Information security and compliance tools: skilled in gap analysis, asset inventory management, risk management and risk assessment (RM/RA), and the documentation required by the standards. Expert systems, machine learning, knowledge engineering.

7 INFORMATION SECURITY Consultancy on establishing an ISMS: a systematic approach to managing sensitive company information so that it remains secure. It covers people, processes and IT systems by applying a risk management process, and it can help small, medium and large businesses in any sector keep their information assets secure. It lets organisations develop and implement a robust framework for managing the security of their information assets, including financial data, intellectual property, employee details, and information otherwise entrusted to them by customers or third parties.

8 INFORMATION SECURITY SISMS-HEALTH Using application software: Cymsoft's Smart Information Security Management System for Health Organisations (SISMS-Health) is a tangible indicator of Cymsoft's experience in establishing an ISMS based on ISO 27799. Distinguishing characteristics of SISMS-Health: detecting hardware assets on the network and recording assets manually; collecting and evaluating assets under an asset group; calculating asset values with three different methods;

9 INFORMATION SECURITY SISMS-HEALTH Distinguishing characteristics of SISMS-Health: five different risk evaluation methodologies, four of them qualitative (including OCTAVE Allegro) and one quantitative; automated determination of the threats, vulnerabilities and risk values of assets (including asset groups) according to their asset category; the ability to add your own asset categories; information asset types identified and categorised, with updatable threat and vulnerability types linked to those asset types in the system;

10 INFORMATION SECURITY SISMS-HEALTH Distinguishing characteristics of SISMS-Health: automated determination of protective controls against the vulnerabilities of information assets; the ability to add your own protective controls and relate them to threats; preparation of the Inventory of Assets, the Risk Evaluation Report and the Statement of Applicability (SoA); the ability to perform gap analysis; automated generation of the mandatory documents required by the standard; multilanguage and help support;

11 INFORMATION SECURITY SISMS-HEALTH Distinguishing characteristics of SISMS-Health: definition of different user roles, with different authentication for different types of role; LDAP integration for user management; definition of organisational title, business sector, company logo, address information, hierarchical organisation unit chart and business processes; definition of the correlation between assets, business processes and organisational units; user-friendly web-based software; low-cost advantage.
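The slides above list what an asset-based ISMS tool automates: valuing assets by more than one method, deriving threats, vulnerabilities and risk values from the asset category, scoring risk qualitatively and quantitatively, and turning the result into a Statement of Applicability. The following is an added example written for this page, not Cymsoft's code and not SISMS's algorithms or data: the asset categories, the threat/vulnerability catalogue, the Annex A control references, the three valuation methods and the scoring thresholds are illustrative assumptions modelled on the ISO/IEC 27005 approach (asset value x threat likelihood x vulnerability level, plus annualised loss expectancy for the quantitative method).

```python
"""Asset-based risk assessment of the kind an ISMS tool such as SISMS automates.

Added example, not Cymsoft's code. Every category, catalogue entry, control
reference, valuation method and threshold below is an illustrative assumption.
"""
from __future__ import annotations
from dataclasses import dataclass

# Constructed catalogue (assumption): asset category -> list of
# (threat, vulnerability, likelihood 1..5, vulnerability level 1..5,
#  ISO/IEC 27001:2013 Annex A control that treats it)
CATALOGUE = {
    "server": [
        ("malware", "unpatched software", 4, 3, "A.12.6.1"),
        ("unauthorised access", "weak authentication", 3, 2, "A.9.4.2"),
    ],
    "health_record_db": [
        ("data breach", "no encryption at rest", 2, 4, "A.10.1.1"),
        ("unauthorised access", "weak authentication", 3, 4, "A.9.4.2"),
    ],
}

# Controls the SoA must decide on (assumed subset of Annex A for the demo).
ALL_CONTROLS = ["A.9.4.2", "A.10.1.1", "A.11.1.1", "A.12.6.1"]


@dataclass(frozen=True)
class Asset:
    name: str
    category: str
    c: int                 # confidentiality requirement, 1..5
    i: int                 # integrity requirement, 1..5
    a: int                 # availability requirement, 1..5
    monetary_value: float  # replacement/impact value, used by the quantitative method


# Constructed sample inventory: one hospital database and one web server.
SAMPLE_ASSETS = [
    Asset("ehr_db", "health_record_db", 5, 5, 4, 500_000.0),
    Asset("web01", "server", 3, 3, 4, 20_000.0),
]


# Three asset-valuation methods (assumed: the page says SISMS offers three but does not name them).
def value_max(asset: Asset) -> int:
    """Highest CIA requirement: one critical property makes the whole asset critical."""
    return max(asset.c, asset.i, asset.a)


def value_sum(asset: Asset) -> int:
    """Sum of the CIA requirements, 3..15."""
    return asset.c + asset.i + asset.a


def value_weighted(asset: Asset, w=(0.5, 0.3, 0.2)) -> float:
    """Weighted CIA score; the default weights let confidentiality dominate, as for health data."""
    return round(w[0] * asset.c + w[1] * asset.i + w[2] * asset.a, 2)


def qualitative_risk(asset_value: int, likelihood: int, vuln_level: int) -> tuple[int, str]:
    """Qualitative method: value x likelihood x vulnerability (1..125) mapped to low/medium/high."""
    score = asset_value * likelihood * vuln_level
    if score >= 60:
        return score, "high"
    if score >= 25:
        return score, "medium"
    return score, "low"


def annualised_loss(asset: Asset, exposure_factor: float, aro: float) -> float:
    """Quantitative method: ALE = SLE x ARO, where SLE = asset value x exposure factor."""
    return asset.monetary_value * exposure_factor * aro


def risk_register(assets: list[Asset]) -> list[dict]:
    """Derive threats, vulnerabilities, risk values and candidate controls from each asset's category."""
    register = []
    for asset in assets:
        for threat, vuln, likelihood, vlevel, control in CATALOGUE.get(asset.category, []):
            score, rating = qualitative_risk(value_max(asset), likelihood, vlevel)
            register.append({"asset": asset.name, "threat": threat, "vulnerability": vuln,
                             "score": score, "rating": rating, "control": control})
    return register


def statement_of_applicability(register: list[dict], controls: list[str],
                               accept_below: str = "medium") -> dict:
    """A control is applicable when it treats at least one risk at or above the acceptance level."""
    order = {"low": 0, "medium": 1, "high": 2}
    needed = {r["control"] for r in register if order[r["rating"]] >= order[accept_below]}
    return {c: (c in needed) for c in controls}


if __name__ == "__main__":
    reg = risk_register(SAMPLE_ASSETS)
    for row in sorted(reg, key=lambda r: -r["score"]):
        print(f"{row['asset']:8} {row['threat']:20} {row['vulnerability']:22} "
              f"score={row['score']:3} {row['rating']}")
    print("ALE(ehr_db, EF=0.3, ARO=0.5) =", annualised_loss(SAMPLE_ASSETS[0], 0.3, 0.5))
    print("SoA:", statement_of_applicability(reg, ALL_CONTROLS))
```

Two things the example makes visible that the feature list does not: the choice of valuation method changes the ranking (under `value_max` a database with one critical property outranks a balanced asset, under `value_sum` it may not), and the SoA is a consequence of the risk acceptance level rather than a separate checklist. A control with no identified risk behind it (here `A.11.1.1`) comes out as not applicable, which is exactly the justification an auditor will ask for.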

12 R&D PROJECTS (COMPLETED) Smart Information Security Management System (SISMS); An ISMS (RA/RM tool) which uses an expert system for establishing, implementing, operating, monitoring, reviewing, documenting, maintaining and improving information security management.

13 R&D PROJECTS (COMPLETED) SISMS was included in the Information Security Management Tools inventory of ENISA (the European Network and Information Security Agency) in April 2012. http://rm-inv.enisa.europa.eu/methods_tools/t_sisms.html

14 R&D PROJECTS (COMPLETED) SISMS for Health Organizations, providing compliance with ISO 27799 Health informatics Information security management in health using ISO/IEC 27002. SISMS for Telecommunications Organizations, providing compliance with ISO/IEC 27011 Information technology Security techniques Information security management guidelines for telecommunications organisations based on ISO/IEC 27002.

15 R&D PROJECTS (COMPLETED) Although both standards (ISO/IEC 27011 and ISO 27799) are based on ISO/IEC 27002, they differ: ISO/IEC 27011 adds 26 additional control subjects and 13 extended control sets; ISO 27799 adds explanations on 64 controls for health applications.

16 R&D PROJECTS (COMPLETED) Realisation of a real-time web application firewall algorithm to prevent web-based attacks. A new algorithm for real-time network traffic monitoring.

17 R&D PROJECTS (ONGOING) Development of an Integrated Information Security Management System Compliance Tool (ISMS integrated threat control system). Development of a Smart House/Building Energy Management System (SHEMS): the system learns the behaviour of occupants, especially disabled people, inside the house and supports remote control. Design and development of a Wi-Fi baby monitoring device (Wi-Fi media).

18 PENETRATION TESTS As part of managing the information security process, penetration tests are carried out using purpose-built scenarios and internal and/or external technical, physical and social-engineering methods. After the tests: a report of technical and management-level corrections to improve the security level, followed by the implementation of those corrections.

19 INFORMATION SECURITY TRAINING ISO/IEC 27001 Information Security Management System basic training; ISO/IEC 27002 practice training; IRCA-approved ISO/IEC 27001 internal audit training; ISO/IEC 27005 risk evaluation training; information security awareness training; senior-management-level information security management training;

20 INFORMATION SECURITY TRAINING BS 10012 Data Protection Management Standard for Personal Information Management Systems training; ISO 27799 Health informatics Information security management in health using ISO/IEC 27002 standard training; ISO/IEC 27011 Information technology Security techniques Information security management guidelines for telecommunications organisations based on ISO/IEC 27002 standard training;

21 INFORMATION SECURITY TRAINING ISO/IEC 27031 Information technology Security techniques Guidelines for information and communication technology readiness for business continuity standard awareness training; computer forensics training; CISSP, CISA, CISM and CEH training.

22 Cymsoft Information Technologies