Information Security and Cyber Defence


One of the major activities of the State Enterprise “Odesa Scientific-Research Institute of Telecommunications” of the Administration of the State Service of Special Communication and Information Protection of Ukraine is the provision of services in the field of information security and cyber defence.

Types of services:

  • Establishment of a complex information security system (CISS) in information and telecommunication systems (including objects of critical infrastructure) in accordance with the current laws of Ukraine in the sphere of technical information security;
  • Conducting the state expertise of CISS in accordance with the licence for security assessment of information that is not a state secret;
  • Creation of an information security management system (ISMS) in accordance with the requirements of international cybersecurity standards;
  • Consulting services, including internal audits of the ISMS, for implementing the requirements of ISO/IEC 27001:2013 (ДСТУ ISO/IEC 27001:2015) «Information technology. Security techniques. Information security management systems. Requirements»;
  • Consulting services that apply the world's best practices and introduce security measures in order to reach the level of information security and cyber defence required by international standards;
  • Conducting audits of the ISMS (external audit by another party) according to the requirements of ДСТУ ISO 19011:2012 (ISO 19011:2011, IDT) «Guidelines for auditing management systems», with a conclusion on conducting the certification audit (external audit by a third party) to determine the conformity of the ISMS to the requirements of ISO/IEC 27001:2013 (ДСТУ ISO/IEC 27001:2015).

The Odesa Scientific-Research Institute of Telecommunications holds a licence for security assessment of information that is not a state secret.

The Odesa Scientific-Research Institute of Telecommunications has specialists:

  • with over 14 years' experience focusing on CISS creation and conducting the state expertise of CISS;
  • auditor of ISMS with confirmed qualification: ISO 27001:2013 Lead Auditor Certificate.

In today's high-tech world of information technology, the problem of protecting a company's information assets and its infrastructure as a whole is becoming increasingly important.

Information and business processes have value for companies in both the public and private sectors. Each new risk, together with the existing vulnerability of the information system, can give rise to an incident, which in turn can lead to critical damage to the company (destroying its reputation or all of its assets).

Today, all the world's leading companies implement the latest information processing technologies on physical and virtual servers and use modern services: SaaS (Software as a Service), PaaS (Platform as a Service), IaaS (Infrastructure as a Service), and DRaaS (Disaster Recovery as a Service) to restore the infrastructure with minimal losses in a short time. They also use storage technologies: network attached storage (NAS), storage area networks (SAN), and remote cloud storage that uses the resources of the provider's data centres and is accessible from any computer with Internet access (Amazon S3, Google Drive, iCloud, Dropbox). This is by no means a complete set of tools for processing and storing information. The key point to understand is that using unprotected technology can only harm the company's business or even destroy the company.

Information security and cyber defence is a critical area, as it protects information with limited access from various threats (loss of integrity, confidentiality, availability of information and controllability of the system) in order to maintain business continuity, reduce losses, improve reputation in the domestic and global markets, increase the return on invested capital and expand business opportunities.

Protecting a company from external threats is a complex and costly task, especially when there is a need to meet the requirements of a growing number of legal documents and national and international standards. It is very difficult for the company's management to decide on the set of protection means and the direction for building a protection system: the creation of a CISS or an ISMS.

An example of complexity is the formation of conceptual solutions for protection of:

  • information belonging to state information resources and information with limited access, the protection of which is established by law (for example, personal data of individuals). According to Article 8 of the Law of Ukraine "On protection of information in information and telecommunication systems", such information must be processed in a system using a CISS with confirmed compliance;
  • personally identifiable information in accordance with Article 4 of the GDPR (General Data Protection Regulation), health information and special personal data (Article 4 (13), (14) and (15), Article 9 and recitals (51)-(56) of the GDPR). Such information must be processed in a system with an established information security management system with confirmed compliance with the requirements of international standards in the field of information security.

Specialists of the Odesa Scientific-Research Institute of Telecommunications, based on the results of critical analysis and using a comprehensive integrated approach, will help to find the optimal, competitive and economically sound solution to build a security system using the world's best methods, practices and means of protection in information security and cyber defence. These include:

  • Data Loss Prevention Software (DLP);
  • malware protection;
  • implementation of EDR (Endpoint Detection and Response) solutions for detection of and response to information security incidents at network endpoints;
  • web-filtering and application of WAF (Web Application Firewall) technology, which will protect Internet applications (or various APIs) from common network exploits and bots;
  • encryption of information;
  • implementation of SIEM (Security Information and Event Management) solutions for monitoring information systems, real-time security event analysis and correlation of information security system incidents in general;
  • implementation of anti-spam and anti-DoS/DDoS protection;
  • implementation of a policy of strict authorization and authentication in accordance with the rules of delimitation of access;
  • introduction of the Intrusion detection system (IDS) and the Intrusion prevention system (IPS) to protect the perimeter of the network;
  • use of firewalls;
  • application of VPN technology;
  • implementation of IAM (Identity and Access Management) solutions, which provide secure management of access to cloud services and resources;
  • implementation of PAM (Privileged Account Management) solutions for monitoring and control of accounts of employees of IT departments, system administrators, employees of outsourcing organizations;
  • protection of Wi-Fi access points, mobile devices and IoT (Internet of Things), which are used (especially at critical facilities of the Company) as elements of fire and security alarm systems, ventilation, air conditioning, electronic locks, lighting, backup power supply systems, emergency automatic water/gas shutdown systems, etc.;
  • organization of verification of the effectiveness of measures to protect IT infrastructure and business applications from external intrusion by performing penetration tests.

Specialists of the Odesa Scientific-Research Institute of Telecommunications provide training services in information security and cyber security in the field of CISS and ISMS.

CISS is an interconnected set of organizational and engineering measures, tools and methods of information protection. Confirmation of compliance of the CISS is carried out based on the results of the state examination with the issuance of permits from the Administration of the State Service of Special Communications and Information Protection of Ukraine. As a result of the state examination in the field of TIS (technical information security), the owner of the CISS receives the Certificate of conformity of CISS, which confirms its compliance with the requirements of regulatory documents in the field of TIS.

ISMS is a part of the company's overall management system, which is based on a business risk-based approach, designed to develop, implement, operate, monitor, review, maintain and improve information security.

If you have any questions, contact us in any way convenient for you and our experts will give a detailed answer to your questions.

Your desire to improve information security and cyber defence with our secure information technology solutions is a step towards the successful development of your company.

Contact us

Address: 23, Bunina str., Odessa, Ukraine

Telephone: CSO (Chief Security Officer) +380 (50) 395 34 16,

SOC (Security Operation Center) +380 (67) 938 93 28.

E-mail: cso@oniis.org.ua, adm@oniis.org.ua