Services

 

BUSINESS PROCESS SECURITY

Until recently, banks preferred using their own products to keep insider threats in check. This proved to be expensive, however, and banks started sourcing such products from well-known vendors. Projects involving such systems grew in number, and one reason for this was that fraud cases became more common. Another reason was the continued improvement of security mechanisms that successfully thwarted fraud schemes. To bypass these mechanisms, insider collusion is increasingly required.

Ensuring and managing information security is an organization’s auxiliary activity: it is needed to support its core business. In the era of global digitalization, however, information security often becomes a hindrance that disrupts the core business processes.

  • Strategic consulting
  • Fighting fraud 

This is why it is crucial that IS management procedures comply with a company’s strategic goals and aim at meeting its business objectives.

  • Governance, risk management and compliance
  • Incident investigation

COMPLIANCE

Informzaschita has successfully met all PCI Security Standards Council requirements. Thus, we confirmed the high quality of our PCI DSS compliance assessment services and obtained the right to provide them in the future. We have extensive experience in adapting to the PCI DSS standard requirements. Our customers include a plethora of companies that completed projects related to the standard (compliance implementation and control). The confirmation of the quality of services we provide is a well-deserved recognition of our specialists’ high qualifications.

The Russian authorities and other regulators, including international ones, keep a watchful eye on information security. This leads to a great number of requirements, often mandatory. In addition, only strict compliance with regulatory standards ensures legal support for information security processes.

  • PCI DSS compliance
  • ISO/IEC 27001 compliance
  • Compliance with Federal Law 152-FZ “On Personal Data”
  • Compliance with the National Payment System Law

Non-compliance can result in both penalties and suspension of business operations, whereas purely formal compliance, while preventing sanctions, cannot provide any real protection.

  • Commercial secret protection
  • Compliance with FSTEK requirements
  • Compliance with Bank of Russia requirements

INFORMATION SYSTEM SECURITY

A major risk category is industrial control systems (ICS) accessible from the Internet. Usually hackers can use such systems only to obtain confidential information about a facility. In some cases, however, they can even seize control over certain elements of these systems. To get a list of ICS accessible on the web, one can simply use a search engine. But the most common case, according to Informzaschita’s experience, is ICS that are allegedly “isolated” from external data transfer networks, but are accessible from companies’ local networks. Access to them is usually provided through network interconnection devices with security settings that are often neglected. In such cases, a hacker can use corporate users’ Internet connection to get access to ICS elements. This is an inadmissible breach of information security at industrial facilities.

IT systems and applications are efficient tools that are needed to manage any organization. However, a company’s growing reliance on IT leads to greater information security risks.

  • ERP, CRM security
  • ICS security

At the same time, criminals keep finding new ways of damaging companies, both financially and reputationally, by using access rights errors, software code vulnerabilities, etc.

  • Remote banking services security
  • Application security

IT INFRASTRUCTURE SECURITY

Malicious parties are now showing more interest in mobile platforms. Today, the most common type of mobile malware is the so-called SMS sender, which is designed to steal money from subscribers’ accounts by sending text messages to paid numbers. As mobile device penetration grows, criminals seize new opportunities. Late last year, for instance, a Trojan virus was discovered that enabled them to bypass requests for banking transaction confirmation. Furthermore, hackers are increasingly targeting mobile devices to steal personal information. This is evident because some malware now has functions enabling it to steal data from mobile devices and manage it without the user noticing anything. The trend can be explained by the increasingly broad use of gadgets for business purposes.

MAINTENANCE AND SUPPORT

Support should focus on resolving the problems that customers encounter and, if necessary, going beyond the formal boundaries of contractual obligations. When dealing with customers and products, competent assistance is vital.

Given the abundance of information security tools available in a large contemporary organization, the proper setting and operation of these tools becomes particularly important. Outsourcing these processes is often a cost-effective solution.

  • Support
  • Maintenance of IS systems
  • Outsourcing
  • Security Operation Center (SOC)
  • Information security products implementation

It reduces the need to hire additional staff and guarantees high-quality service.