Cymsoft Information Technologies. Dr. Cemal Gemci, CEO
CYMSOFT? Established in 2006 in Ankara, Turkey. Main activity: providing information security solutions in every area of ICT, with a focus on IT security consultancy. Representative of IT security products. R&D in ICT. Penetration tests. Information security training.
OBJECTIVES: Carry out applied research in the field of information security management processes. Develop the conceptual and methodological foundations of state information security policy and create social and technical innovations. Prepare high-quality specialists in the fields of information security innovation, knowledge and technology management. Cymsoft Bilisim Teknolojileri
OBJECTIVES: Analyze, assess and detail the solutions adopted by the Government or other authorities for the development of governmental policy on ICT security. Provide methodological support, proposals and independent assessment to state government, social groups and other parties involved in developing national ICT security strategies.
AREAS OF INTEREST: Trustworthy ICT; ICT for governance and policy making; e-learning; information security; artificial intelligence; knowledge engineering.
OUR EXPERTISE: Information security and compliance tools; gap analysis, asset inventory management, risk management and risk assessment (RM/RA) and the documentation required by the standards; expert systems; machine learning; knowledge engineering.
INFORMATION SECURITY: Consultancy on establishing an ISMS. An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It covers people, processes and IT systems by applying a risk management process, and it can help small, medium and large businesses in any sector keep their information assets secure. It helps organizations develop and implement a robust framework for managing the security of their information assets, including financial data, intellectual property, employee details, and information otherwise entrusted to them by customers or third parties.
INFORMATION SECURITY, SISMS-HEALTH: Delivered as application software, Cymsoft's Smart Information Security Management System for Health Organisations (SISMS-Health) is a tangible indicator of Cymsoft's experience in establishing an ISO/IEC 27799 information security management system. Distinguishing characteristics of SISMS-Health: detecting hardware assets on the network and recording assets manually; collecting and evaluating assets under an asset group; calculating asset values with three different methods;
INFORMATION SECURITY, SISMS-HEALTH: Distinguishing characteristics of SISMS-Health (continued): use of five different risk evaluation methodologies, four of which are qualitative (including OCTAVE Allegro) and one quantitative; automated determination of the threats, vulnerabilities and risk values of assets (including asset groups) according to asset category; ability to add your own asset categories; information asset types identified and categorized, with updatable threat and vulnerability types linked to each asset type in the system;
INFORMATION SECURITY, SISMS-HEALTH: Distinguishing characteristics of SISMS-Health (continued): automated determination of protective controls against the vulnerabilities affecting information assets; ability to add your own protective controls and relate them to threats; preparation of the Inventory of Assets, the Risk Evaluation Report and the Statement of Applicability (SoA); ability to perform gap analysis; automated generation of the mandatory documents required by the standard; multi-language support and built-in help;
INFORMATION SECURITY, SISMS-HEALTH: Distinguishing characteristics of SISMS-Health (continued): definition of different user roles, with different authentication for each type of role; LDAP integration for user management; definition of organizational title, business sector, company logo, address information, a hierarchical organization unit chart, and business processes; definition of the correlation between assets, business processes and organizational units; user-friendly web-based software; low-cost advantage.
R&D PROJECTS (COMPLETED): Smart Information Security Management System (SISMS), an ISMS (RA/RM) tool which uses an expert system for establishing, implementing, operating, monitoring, reviewing, documenting, maintaining and improving information security management.
R&D PROJECTS (COMPLETED): SISMS was included among the Information Security Management Tools listed by ENISA (the European Network and Information Security Agency) in April 2012: http://rm-inv.enisa.europa.eu/methods_tools/t_sisms.html
R&D PROJECTS (COMPLETED): SISMS for Health Organizations, providing full compliance with the standard ISO/IEC 27799 (Health informatics - Information security management in health using ISO/IEC 27002). SISMS for Telecommunications Organizations, providing full compliance with the standard ISO/IEC 27011 (Information technology - Security techniques - Information security management guidelines for telecommunications organisations based on ISO/IEC 27002).
R&D PROJECTS (COMPLETED): Although both standards (ISO 27011 and ISO 27799) are based on ISO 27002, they differ: ISO 27011 has 26 additional control subjects and 13 extended control sets, while ISO 27799 adds explanations to 64 controls for health applications.
R&D PROJECTS (COMPLETED): Realization of a real-time Web Application Firewall algorithm to prevent web-based attacks. A new algorithm for real-time network traffic monitoring.
R&D PROJECTS (ONGOING): Development of an Integrated Information Security Management System Compliance Tool (an ISMS-integrated threat control system). Development of a Smart House/Building Energy Management System (SHEMS); the system is intended to learn the behaviour of people, especially disabled people, inside the house and to support remote control. Design and development of a Wi-Fi Baby Monitoring Device (Wi-Fi media).
PENETRATION TESTS: As part of the information security management process, penetration tests are performed using purpose-built scenarios and internal and/or external technical, physical and social engineering methods. After testing: a report of technical and management-level corrections to improve the security level, followed by the application of those corrections.
INFORMATION SECURITY TRAINING: ISO/IEC 27001 Information Security Management System basic training; ISO/IEC 27002 practice training; IRCA-approved ISO/IEC 27001 internal audit training; ISO/IEC 27005 risk evaluation training; information security awareness training; senior management level information security management training;
INFORMATION SECURITY TRAINING (continued): BS 10012 Data Protection Management Standards for Personal Information Management System training; ISO/IEC 27799 (Health informatics - Information security management in health using ISO/IEC 27002) standard training; ISO/IEC 27011 (Information technology - Security techniques - Information security management guidelines for telecommunications organisations based on ISO/IEC 27002) standard training;
INFORMATION SECURITY TRAINING (continued): ISO/IEC 27031 (Information technology - Security techniques - Guidelines for information and communication technology readiness for business continuity) standard awareness training; computer forensics training; CISSP, CISA, CISM and CEH training.