ISMS Development and Implementation
An Information Security Management System (ISMS) is an advanced information security framework and set of solutions designed to manage a company’s data security and business processes as a whole. An ISMS aims to protect the confidentiality, availability, and integrity of datasets and information systems from threats and vulnerabilities using various security controls. Softengi develops ISMS solutions based on the international standard ISO 27001, ensuring that the information security system effectively reduces enterprise-wide risks.
Our ISMS Development and Implementation approach includes:
- Security Assessment
- Preparation of appropriate document sets
- Acquisition and implementation of proper software and hardware if needed
- Maintenance of the ISMS Certification
Information Security Assessment
Softengi offers in-depth security assessments of IT infrastructure, providing valuable insight into the overall security of the company’s IT environment. Softengi’s information security services include two types of security assessments. The first type is Information Security Audit; the second one is Penetration Testing. It is recommended to use both together, but using just one option is also possible and useful.
Information Security Audit
Information Security Audit refers to a detailed assessment of a company’s information security state. Considering standards and the client’s requirements and specifications, Softengi conducts audits of the company’s business processes and IT systems, identifying their vulnerabilities and noncompliances. Based on the information gained, Softengi’s security team prepares a detailed IT security report with expert recommendations.
Our Information Security Audit includes:
- IT infrastructure checks and business-processes security audits
- Results Analysis
- Detailed reporting on the current situation with recommendations on improvements
- Vulnerability elimination and prevention of potential problems
Penetration Testing
Penetration Testing, or Instrumental Security Analysis, is a type of IT system security check: a simulated cyberattack against a client’s IT systems to uncover vulnerabilities. Softengi performs this check based on the client’s specifications and requirements.
Our Penetration Testing includes:
- Information Collection and Processing
- Test Scenario Coordination
- Search for vulnerabilities and their exploitation using special tools
- Detailed reporting on weak points with recommendations on improvements
- Vulnerability elimination: configuring existing security solutions, installing additional software or hardware
Software Application Security Analysis
Software Application Security Analysis is a dynamic application analysis that assesses applications and identifies bugs, vulnerabilities, and misconfigurations on a large scale. Softengi’s information security team analyses various types of software, such as business process automation systems, document management software, accounting applications, sites, and interactive web applications.
Our Application Security Analysis includes:
- Test Scenario Coordination
- Definition of testing criteria
- Application Testing with advanced security tools
- Random Testing (Fuzzing)
- Application Penetration Test
- Detailed reporting with recommendations on improvements
SIEM Implementation
Security information and event management (SIEM) is software that provides real-time visibility across a company’s information security systems. The system monitors and analyses security events, notifying network admins about essential issues and problems. Softengi implements SIEM systems into the IT environment using Enterprise Security Manager (McAfee) and AlienVault Unified Security Management (AT&T), automating the company’s security.
Our SIEM Implementation includes:
- IT Infrastructure Audit
- Collection of technical specifications
- Pilot Project Implementation
- System Testing
- System Delivery
- System Support