Information system security is a field of growing interest especially for entities that manage and handle sensitive data.
Companies, banks, governments, military agencies are the main targets of cybercriminals, professionally and technically prepared people highly motivated to get hold of valuable information: bank accounts, credit card or confidential data, with potentially devastating consequences.
Viruses, spyware, malware are threats always associated with human factors (employees and occasional users of the corporate network) and too permissive security policies. These are real risks, often underestimated, making life easier for criminals and compromising the safety of information.
Minimizing the effects of attacks involves the identification of problems by a careful Risk Management. A proper safe and efficient operation of IT services requires constant and regular focus on many important factors:
Software security: software is a key part of IT and is widely targeted because of his strategic importance.
External security:accessing internet presumes you have an IP address, you must be able to communicate with the web but at the same time this puts hackers in a good position to make cracks in the system.
Internal security:it is very similar to the external security and deals with the different IP network addresses within the company.
Wireless security:in the IT landscape mobile devices and wireless networks are becoming more popular. The safety of these does not go hand in hand with their spread and can also be a source of unwelcome intrusions.
Social engineering:the social engineer is someone who tries to elicit information from people that, integrated with other knowledge, allow him to have a privileged access to the network or to define particularly dangerous attack strategies.
To meet the above requirements, thanks to years of experience with high-profile customers, CPU I- TECH has developed a cyber security methodology of risk management whose strategic plan is based on the following activities:
Vulnerability Assessment:The aim is to enumerate and detail “holes” that can lead to unwanted access in the corporate network. A methodical and deep scanning of the company network, to be held outside the normal production schedule in order not to hinder the work, brings out all the potential weaknesses .
Penetration Test:This activity test the actual consistency and danger of the weaknesses identified in the Vulnerabilty Assessment. All the needed operations require at least two weeks during which is tested every single weakness, real or imaginary, in the infrastructure updating or, if necessary, changing critical components deemed at risk while maintaining all the functionality
Personnel Security:The aim is to draw up ad hoc procedures and make them known to the relevant staff. This dramatically reduce the risk of errors, theft or abuse.
Network Security Monitoring:It is an activity that allows a company to keep pace with the ever-changing threats. What is safe today may not be in the future. Every day new vulnerabilities are discovered and it is necessary to implement a prevention system to constantly monitor over time intrusion attempts.