—
Service description: Information Security
Information Security
- Providing professional assistance to the Customer in solving problems related to information security.
- Providing inter-network security at the level of network connections (network segmentation, configuring allowed network connections, blocking attacks).
- Ensuring internetwork security at the level of application protocols (filtering malicious code, blocking unwanted sites, differentiating access to the Internet by user groups and categories of sites). Generation of reports on the use of the Internet (by users and categories of sites).
- Detection and processing of information security incidents.
- Protection against leaks of confidential information via the Internet (automated analysis of information at the content level, blocking attempts to transfer confidential information or notification in corporate security departments).
- Ensuring the information security of information systems dictated by corporate or external requirements and are additional to those implemented within the framework of other services.
- Detection and processing of information security incidents.
- Scanning information systems for vulnerabilities and compliance of the configuration with corporate information security requirements (standard rule base), providing reports and recommendations for elimination. Ensuring the provision of an additional one-time password for remote access to information resources.
- Control of the connection of computer data carriers and input/output of information, anti-virus protection of workstations, information protection of mobile devices, restriction of software installation and launch, exclusion of the possibility of unauthorized reading of information on computers, authentication means management.
- Ensuring information security of the Customer's information infrastructure (storage systems, virtualization systems, servers, active network equipment. Detection and processing of information security incidents. Scanning the infrastructure for vulnerabilities and compliance of the configuration with corporate information security requirements (standard rule base), providing reports and recommendations for elimination.
- Organization of the possibility of using personal computer equipment (PCE) as a remote workplace. PCE, prepared in accordance with the requirements of information security, provide: protection against malware by installing and maintaining anti-virus protection tools and / or means of protection against targeted attacks; protection against unauthorized access to information on the device's hard drive by encrypting it; protection of information when working with corporate services via the Internet by building secure connections; control of PCE connected to the corporate network for compliance.
- Ensuring and administration of public key infrastructure and public key certificates to authenticate IT infrastructure facilities and data encryption, while transferring information within and outside of the Company's LAN.