IT Security PRO | Risk Management & Response as a pillar of Business Continuity

IT Security PRO | Risk Management & Response as a pillar of Business Continuity

Risk management in the modern economic system of security and in the field of technical solutions of many catastrophic risks, we are at the forefront of the global challenge to tackle ongoing threats with a comprehensive approach to ensure that we are in a position to deal with any potential threats.

Many times we combine proactive measures to prevent accidents or to reduce the consequences of a possible exposure.

The current risk assessment approach of the security of the system will be based on the risk assessment and monitoring. In this way, we will monitor all parameters in a context of continuous improvement, with the dynamic of real-time technical data in our control.

At Cosmos Business Systems we handle such requirements with solutions that meet our clients’ expectations in a comprehensive manner and support them to make informed decisions about their risks and their management policies.

In the context of:

  • Do you have security applications? In any field?
  • What are the potential security measures in the case of an accident or incident?
  • To purchase DLP or SIEM licenses? VPN or Teamviewer?

The current approach can be described as “list of threats/scenarios and with some potential metrics we will address them” in the areas “endpoint”, “network”, “Cloud”, “Applications” and “Business Processes”.

Some indicative scenarios such as:

  • Cloning of laptop (underlined access control);
  • Remote electronic surveillance (underlined information control);
  • How many security issues to be addressed from the laptop;
  • How much hardware anti-hacking logic electronic surveillance;
  • We have cryptography disk for the 1st scenario ;
  • We have generators for the 2nd scenario;
  • In the end, how many critical projects the environment should be a measuring with the appropriate preparation (underlined security agreement);

The logic of the target is to be a dynamic approach to adapt to the various challenges and address potential threats in the security environment and the profile of each kind. In this perspective will be characterized the diagnosis in “measures” that the real measurement will be adjusted according to the ideal and potential.

The diagnosis of the current data of the “measures” will be addressed:

  • How to prevent the file server (underlined critical asset) from “catching” malware the user on the local PC (scenario 1);
  • Or, what will cost me in terms of time to have the necessary for 5 days;
  • What backup logic needs to have the necessary to be restored in 3 hours (underlined measure 1);
  • What firewall and security checks will be needed (underlined measure 2) to measure the potential of the file server (measure);
  • If there is a backup tape (underlined measure 3) how long will it be in a few minutes to be transferred from a remote location (underlined scenario 2);
  • Willing to pay for protection in digital time (underlined measure 4);

The evaluation of scenarios as a general test of ICT assets is a logical path for the diagnosis and forecasting of the Business Continuity Plan (ISO22301) or/and security (ISO27001)/DPO, depending on the digital exposure and platform (BIMCO/IMO MSC.428/TMSA v3) and administrator in the field of governance (GDPR/EU 2017/745-746) etc. From this perspective, the threats will be highlighted, the risk assessments and the technical test will be performed in the overall evaluation of the potential. The phone that addresses them will be: “all scenarios have an internally with security and will be addressed with appropriate indicators from these.”

In the context of Risk Assessment (RA), the logic of threat and risk assessment is combined with a set of criteria, conditions and technical measures (unconventional or scheduled). 1st phase is the analysis of the current state of the infrastructure, political, regulatory and practical IT, the users are in the security of the perimeter, the business and the information & performance.

Analysis of Threat (Threat Analysis): The potential threats will be evaluated from their potential and will be analyzed the profile of threats in areas of attack or potential threats. We will also focus on the technical controls that have been induced in various infrastructure:

  • The energy management of systems.
  • The security of information management.
  • The access and handling of users with security in the systems.
  • Interfaces of networks.
  • Network security with and without threats (PS).
  • Firewall security systems (e.g. Firewalls)
  • Performance and security systems (e.g. servers, basic data, etc.)

Analysis of Management Architecture: The evaluations in the internal/external audit will be based on the synthesis of topics on design and diagnosis in:

  • Network Security Segregation, DMZ
  • Security Systems Architecture
  • Security of the perimeter in the network with external data and monitoring of security (NAC)
  • Security of central systems and domain name (Active Directory)
  • Security of security in Internet/mail & telecommunications security/VPN

Analysis & Diagnosis of Risks: The evaluation of the potential risks of the studied and identified threats, empirical and data sources (CIA) for the security systems. The risk ranking will be evaluated and the threats/management will be evaluated with the potential of their information and the evaluation of the management of threats. A specific Diagnosis of Risks (Risk management/treatment) will be evaluated in the potential levels of the measures for the diagnosis of risk, the criteria will determine the security of the system.

The hypotheses and findings in the risk assessment are to be monitored as System Integrator and the technical team of Cosmos Business Systems as a logical synthesis of the parameters, calculated and with the appropriate technology.

The risk management remains a complex and “heavy” diagnosis framework but can be put in an internal or/& external monitoring framework of a practical holistic security ecosystem that includes basic regulatory programming of technical measurements, while not being a self-implemented system or typical inspection.

 

CBS
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.