Implementation and assessment of an ISMS according to ISO 27001:2013
The following can be used as a basis for building an ISMS:
International standard ISO 27001:2013, which describes the requirements for the development, implementation, operation, monitoring, analysis, support and improvement of a documented information security management system among the general business processes of an organization;
International standard ISO 27002:2013, containing a set of practical guidelines for building an information security management system based on best practices and experience in this area.
In addition, the requirements of these standards can also form the basis for an ISMS assessment.
Penetration testing is a practical assessment of the possibility of unauthorized access to critical company data from the Internet, as well as from the internal network of the organization. Testing is carried out by searching for possible ways of compromising the organization's systems using the discovered vulnerabilities or their combination.
Security analysis of network infrastructure and application systems
Network infrastructure security analysis
Network infrastructure (firewalls, wireless networks, routers, switches, VPN, VoIP, IDS / IPS, DLP, etc.) is the basis of any information system. As part of this service, we analyze the configuration of the organization's network infrastructure and related processes from the point of view of information security, as well as evaluate their effectiveness.
Security analysis of application systems includes automated and manual analysis of applications in order to detect vulnerabilities. The analysis uses methodologies and approaches that are relevant to the application in question (including OWASP Testing Guide, OSSTMM, WASC Threat Classification, STRIDE), which allows maximum coverage of possible attack vectors.
Data protection services: International law
As the activities of organizations constantly change, with new systems and processes being introduced, especially in groups of companies established in several jurisdictions, and as the legal landscape shifts, compliance with the requirements of applicable international legislation in the field of personal data (PD) has become one of the priority tasks facing companies today.
On May 25, 2018, the EU General Data Protection Regulation 2016/679 (GDPR) entered into force, aimed at protecting the personal data of individuals who are located in the European Union (EU). Despite the fact that the Russian Federation is not part of the EU, under certain conditions a Russian company may also be subject to the GDPR.
We have extensive experience in working with the international legislation of a number of countries, including Ukraine, Switzerland, Poland, Cyprus, Romania, Bulgaria, Great Britain, Czech Republic, Italy, Luxembourg, the Netherlands, Finland.
You can familiarize yourself with the main services of KPMG in the field of personal data protection that affect international law. We always strive to provide real assistance to our clients, therefore we will comprehensively study your problem and offer exactly those services that will meet your needs and help solve your problems.
We Integrate With Your Ecosystem
AZTECH is the easiest way to cut alert noise, detect new threats around the clock, and get the highest possible value from your Endpoint Detection and Response (EDR) solution