Information security is a continuing process that requires specialization & expertise in order to be effectively implemented. INNOVA offers both specialization & expertise on an on-going basis, assisting organizations to effectively manage their information security risks. An Information Security Management Program is a combination of well-defined policies, procedures, standards, guidelines & risk assessments required to establish the required level of information security. Innova’s offering regarding the Information Security Management Framework comprises the following services:
On-going Information Security Management Program
INNOVA offers an effective way to deploy information security within the organization. Our approach supports Business goals and provides a way to demonstrate compliance with related regulatory & statutory requirements.
Furthermore, the service reduces cost, time & resources for information security management, allowing the organization to focus on other activities.
This is an on-going service with a minimum duration of one (1) year, comprised of the following activities:
ISMS evaluation: Annual review of the security policy regarding its relevance to the Organization’s business objectives, InfoSec risks, legal & statutory requirements and ICT infrastructure in use.
Information assets classification: Annual classification of the critical information resources. Classification includes the Business Impact Analysis and determination of the information security requirements related to the Confidentiality, Integrity & Availability level required for each critical information resource.
Compliance review, evaluation & reporting: High-level assessment of the Organization’s compliance with legal & regulatory requirements. Reports are provided in order to demonstrate compliance.
Architecture review & evaluation: Review of the effectiveness and adequacy of the existing security architecture. Detailed reports are produced which recommend the changes that need to take place as well as any additional technical controls required.
InfoSec Management Framework design & deployment: Detailed action plan of the tasks & activities required in order to satisfy the requirements of the Security Policy. The analysis defines a detailed action plan with all tasks that need to take place, prioritization of the tasks, responsibilities, objectives and resources required.
Awareness: Design & implementation of an Organization-wide security awareness campaign. Training materials are provided & seminars are organized in order to promote the Corporate security policy and the need for policy compliance.
On-going consulting: Security consulting by our experienced consultants, including recommendations and expert advice on everyday security issues.
Information Security Risk Prevention services
This is a unique combination of the Enterprise Risk & Vulnerability assessment services aiming to offer customers the required level of prevention against information security risks.
This is a contract-based service (with a minimum duration of one year) which includes a yearly vulnerability alerting service & a number of penetration tests. It also includes an Enterprise Risk Assessment service that is delivered at various levels of depth.
The organization doesn’t need to invest in resources for risk assessment since it outsources the service. Furthermore, the organization has the ability to choose the kind of service needed, according to the criticality of the business environment along with the budget provided for that purpose.
The service is provided in three (3) options:
Basic Information Security Risk Prevention
1 x Enterprise Risk Assessment: High-level assessment, questionnaire-based ISO27001 gap analysis, Compliance Road-Map
1 x Penetration Test: Basic option provides automated vulnerability scanning
Yearly Vulnerabilities Alerting
Standard Information Security Risk Prevention
1 x Enterprise Risk Assessment: High-level assessment, with automated vulnerability scanning as a complement, for the most critical IT systems
1 x Penetration Test: Standard option comprises a combination of automatic & manual scanning for vulnerabilities
Yearly Vulnerabilities Alerting
Advanced Information Security Risk Prevention
1 x Enterprise Risk & Vulnerability Assessment: Detailed, full-strength risk & vulnerability assessment. A phased execution approach to the assessment is an option as well
2 x Penetration Test: Extensive level of assessment which includes a combination of automatic & manual scanning for vulnerabilities. Full exploitation takes place for every identified vulnerability
Yearly Vulnerabilities Alerting
Benefits for the Customer
Reduces cost, time & resources for information security
Specialization & expertise on an on-going basis
Flexibility in service delivery
Organizations can demonstrate compliance with related regulatory & statutory requirements
Allows for better budgeting for information security needs