IT Security Consulting | IT Security Audit – Compliance & Risk Assessment

IT Security

Weaknesses in information security can jeopardize your mission, threaten your profitability and lead to fines and penalties from regulatory bodies. If you are not completely confident in your information security state or your ability to manage IT risk, Bell Integrator™ consulting service can help your company develop more maturity in intelligence-driven operations across all environments. Our consultants assess strengths and weaknesses of your infrastructure and maturity of associated processes against best security practices.

Compilance & risk assessment (IT security audit)

Information Security Management System (ISMS) provides integration of all protective and organizational measures into a single managed operation that responds to real threats in real time and secures all your information throughout the enterprise.

Within the ISMS structure we provide the following services:

Check for compliance with ISO 27001
Compiling security management processes
IS incidents control system
Vulnerabilities control system
ISMS preparation for compliance certification with ISO 27001

Compiling ISMS in accordance with ISO 27001
IS risk management system
System of internal audit and compliance control
Asset management system
Support ISMS licensee service

PCI DSS ver.3

To ensure an adequate security level when processing cardholders' data, and in order to comply with regulatory requirements of payment systems, we offer comprehensive services to bring your infrastructure in compliance with the PCI DSS requirements. Consistent implementation of all PCI DSS procedures and create an environment most likely to provide receipt of a certificate of compliance.

We perform the following work:

Outlining the assessment area
Interviewing employees
Providing an expert opinion with recommendations in order to bring the infrastructure in compliance with PCI DSS
Developing organizational and administrative documentation
Certification for compliance with PCI DSS

Analysis of documentation
Selective control of systems within the area of assessment
Design of information security processes for cardholders' data
Supply and implementation of software and hardware protection of cardholders' data
Licensee service supporting the Customer's company in maintaining compliance with PCI DSS

Data Protection

DLPs are systems that prevent the disclosure of confidential information to anyone outside the company through any channels. DLP solutions prevent unauthorized use (copying, changing, etc.) and movement (shipment, transfer outside the organization, re-saving in other directory, etc.) of confidential information through controlling emails, FTP connections, ICQ, MSN, AOL, documents printing onto a printer, USB, CD / DVD, Bluetooth, WiFi, etc.

We use products of leading vendors: Symantec, WebSence, McAfee.

Antimalware

Implementation of a comprehensive corporate antivirus system ensures:

Control of all possible virus channels - email, network protocols allowed to interact with the Internet (HTTP, FTP), external data storage media (floppy discs, CD, DVD, flash- cards, etc.), file servers
Continuous anti-virus monitoring and regular anti-virus scan of all servers and workstations
Protection of mobile devices, etc.
Protection against various types of threats - viruses, network and email worms, Trojan horses, unwanted programs (spyware, adware, etc.)
Automatic notification of viruses enfection and treatment
Phishing Scams

IPS (Intrusion Prevention System)

The Corporate Intrusion Prevention System monitors and reports on all data streams entering your corporate network, and takes a proactive approach to block any potential hazards. It hardens your company against any hostile influences. The Corporate Intrusion Prevention System is a component of the company security suite and is a scalable, flexible, cost-effective, and comprehensive solution of fortressing your company in the e-business world.

We use products of leading vendors: Cisco IBM Proventia, Stone Soft

IDM (Identity Management)

The Corporate Identity Authentication System provides hardware-controlled authentication of users with access to sensitive information. It uses tokens - small devices in the form of USB- pendants and smart cards to control access. Tokens can be used for storage of multi-symbol passwords, users' personal data, digital certificates and integrated with access control to premises, staff T&A systems, etc.

We use products of leading vendors:
Avanpost, Aladdin

Firewall/VPN (Firewall/Virtual Private Network)

Firewalls ensure a secure connection of the corporate network to public networks based on your security policies. This creates a reliable protection of the organization's perimeter, ensuring control of information flows between the corporate network segments, as well as limiting access to internal (published) resources of the corporate network from outside.

The Corporate Protection System for communication channels (VPN) provide the client's employees and partner a secure environment to transfer confidential information over the internet, guaranteeing the data's integrity and authenticity.

We use products of leading vendors: Cisco, Stone Soft, Juniper, McAfee

Web/URL Security Gateway

The control system for incoming web traffic scans and analyzes the data flows (packages) received in response to user requests (e.g. from your website) for potential danger. The system isolates malicious traffic from the organization's internal network in real time, preventing possible threats to information security.

We use products of leading vendors: McAfee, WebSense

BackUp

The backup system is a hardware and software solution designed to create additional copies of critical information. It is a key component of your business continuity strategy. According to Gartner, among the companies affected by disasters or having experienced major loss of corporate data (for any reason), 43% were unable to continue their business due to the lack of a backup system. Don't be caught by the unexpected, when it's so easy to prepare for it.

We use products of leading vendows: Symantec, Acronis

Delete Information

here are dozens of ways to recover information you thought was deleted. Secure deletion of information prevents leakage of critical information that you thought had been destroyed. Frequently some data have strictly limited shelf lives, and must be destroyed after a certain date. When that is the case, we can remotely select this specific data and permanently destroy it, so that it is unrecoverable from then forward. Your data and your company are thus protected.

We use products of leading vendors: Blancco

SIEM (Security Information and Event Management)

In large, geographically diverse organizations the number and variety of events related to security can make it impossible to manually collect and analyze them for potential threats. As a result, threats can go unnoticed, and unresponded to, leaving the company in a vulnerable position.

At the same time, there may be no clear procedures for investigation and response to incidents that are discovered.

As a result, serious vulnerabilities and threats my go unnoticed by the security team for a extended periods, significantly increasing the financial, legal, and reputational risk of the company.

We use products of leading vendors: Symantec

Data Base Protection

Databases have become one of the most critical assets for many companies, and protecting them is one of IT's highest priority jobs. Logging user activity in these databases, monitoring their vulnerabilities, and protecting against intrusion are paramount to ensuring your data, and your business, stay safe. We know the threats that are out there and how to protect against them. With Bell, you'll be confident in the safety of your data and the security of your business.

We use products of leading vendors: IBM Guardium

Special consulting services

With the IT infrastructure and data being such critical assets to any company, securing them has to be part of the overall company strategy.

We'll provide the expert consulting you need to construct an IT security strategy that fits your needs, budgets, and protection level. In addition, we'll create a flexible security strategy so that, if you need to change or increase your security later, you can do so quickly and cost-effectively.

Information Security Audit

An Information Security Audit is comprehensive-we look at everything to ensure you know the exact status of your security across your entire company or within a specific department. This enables you to make fact-based decisions on whether you need to increase your levels and, if so, how to do so most effectively.

An audit may be performed for the company, for individual critical areas, business processes, or specific information systems.

IT Security Outsourcing

Bell Integrator is a global IT outsourcing company, offering a comprehensive set of information security services to protect your IT infrastructure. By leveraging our geo-diverse delivery centers in nine locations in Europe and North America, we perform projects all over the world, offering IT outsourcing services in a cost-effective and efficient manner.

Key Features

Developing, evaluating and implementing cyber security policy
Conducting risk and vulnerability assessments
Securing and optimizing IT systems
Digital forensics services
Vulnerability and risk assessments
Internal and external penetration testing
Policy and plan development
Configuration management, design, and remediation

Enterprise security architecture design and re-design
Malicious code review
Computer security incident response
Engineering and architecture design
Operations management
Application and software security assurance
Insider threat and APT assessment
Social engineering (targeted phishing)
IT risk management and compliance