services

Security testing and auditing

Vulnerability assessment

Looking for weak spots in the computer network often uncovers problems which could be misused by an unauthorized person. Dishonest people could gain access to internal files and databases, monitor your emails, harm company’s website or disable important systems at the worst time possible.

One of the testing results you receive is the list of found vulnerabilities according to their relevance to declared business goals. We also provide proposals how to eliminate the most serious problems. This way, the managers have an important supporting material to make the appropriate decision regarding company’s security situation.

Security auditing

Practical revision of organizational and technical side of IS and detailed evaluation of a system security based on practical evaluation of device configurations and operational and contractual documentation.

We provide following types of audits:

    • Security audit of a selected subsystem or of the whole computer network
    • Preliminary audit in preparation to the ISO/IEC 27001:2005 certification

Consultations and solutions delivery

Disaster Recovery planning

If you are thinking whether or not to make an emergency plan, here are some questions which might help you:

    • What will happen if an information system or its part crashes?
    • What are the daily losses?
    • What are recovery requirements of your systems?
    • Have you prepared any plans to follow in case of a disaster or will you just improvise?
    • Do you know what is really backed up and for how long are you storing the data?
    • And what are the warranty conditions of your IT equipment? Are they sufficient regarding required recovery times?

When running the analysis, we must first determine your present situation. The most important are the board’s requirements for the IS availability. Are they supported by used technology and by your organizational controls?

We compare the requirements with your real abilities and prepare the solution. It covers the technological aspects as well as the organizational measures. After their consultation and inspection, we are able to make the recovery plan.
Recovery plan is a document which deals with the determined part of the IS. It considers existing organizational and technological dependencies and abilities of the company and its suppliers. Based on this, it determines needed procedures and technical steps and assigns tasks to recovery teams.

Our goal is to prepare your organization to face serious technological problems in a proper and tested way, in order to minimize downtime and financial losses.

ISO/IEC 27001 ISMS implementation support

The ISO/IEC 27001 norm helps building and maintaining a safe information system. It contains experience of many organizations and experts. The norm imposes requirements and offers recommendations needed for building and maintaining an Information Security Management System.
Our services consist of several steps:

    • Gap analysis of the current state of your system. Based on this knowledge we are able to prepare proposals about required changes of organizational and technical processes and controls
    • Help with the documentation preparation
    • Training of the employees

We can perform services of external auditors as well.
We are focused on practical needs of your company. Our goal is to achieve a usable, functional and secure information system. 


Training and awareness-raising

Training of employees

Internal employees constitute one of the biggest threats to the IS. They can manipulate internal data inaccurately and influence the work of other users. As well as you wouldn’t allow an untrained person to work with a machine in a factory, you also shouldn’t allow untrained employees to access your data. First, they must be briefed on the risks related to this type of work and must understand the highest threats existing in your environment.

Our training is easily understandable to ordinary people. We don’t aim to make a computer expert out of anyone. We explain which activities can be dangerous and why. The acquired information will help employees not only at work, but also on their business trips or at home.

Training of IT administrators

The training is prepared according to your needs. The lectures are oriented towards practical use. Our aim is to help the trainees to understand logical relations between given topics and to gain practical skills which can be applied straightaway.
Offered training subjects:

    • Windows Server administration
    • Linux Server administration
    • Basic setup and configuration of Cisco switches and routers

Presentations on information security

We prepare presentations on security geared towards various target groups:

    • Business owners and managers
    • Ordinary employees
    • Sales people

Before ordering a task, it is vital to clarify a goal which has to be attained by the presentation and also to find subjects which are important for the target audience.