System Integra services according to IT security management process and typical problems occuring in the process of enterprise IT security management. INFORMATION SECURITY STRATEGY PLANNING Information Security Policy Planning Disaster Recovery Planning / BCP Typical problems: Lack of understanding of the need for information security Lack of Information Security Policy planning which is a basic requirement Policy is hard to understand and it is not being enforced and used No DRP/BCP planning in place which could result in serious financial lost or every company bankruptcy anytime Available Services:  Information security policy planning or review  Disaster recovery planning or review  Incident responce planning or review RISK ANALYSIS Detailed Risk Analysis Typical Problems: Lack of detailed and independent risk analysis Lack of skilled experts able to provide comprehensive risk analysis High complexity of application related risk analysis Lack of understanding of the information security threats Incomprehensive analysis of the risks related to critical systems Available Services:  Information security assessment  External intrusion test  Internal intrusion test  Critical systems security assessment  Application security and performance audit  Phone system security audit SECURITY REQUIREMENTS AND SOLUTIONS PLANNING Security Requirements Analysis Security Solutions Planning Typical problems: Lack of independent security requirements and solutions analysis Wrong choice of information security products Wrong design of information security solutions Buying solutions which are not required for the particular type of the company Buying expensive solutions when problems could be simply fixed with help of trained IT personnel Choosing solutions which are not being the industry standard and soon will have to be replaced Available Services:  Detailed Security Requirements Assessment  Network architecture design or design review  Firewall and VPN design or design review  Encryption systems design or design review  Anti-virus solutions design or design review  Database system design or design review  On-line application security design or design review INFORMATION SECURITY IMPLEMENTATION Implementation of Safeguards Security Awareness and Training Typical problems: High complexity of information security solutions implementation Lack of independent party reviewing the implementation Implemented solutions are not functioning correctly High cost of maintaining of incorrect implemented solutions Lack of professional information security training Available Services:  Security Implementation Project Assessment  Firewall and VPN implementation  Security monitoring solutions (IDS, Honey Pots)  Enterprise encryption systems  Policy management solutions  Vulnerability control solutions  Secure application development  IT security training SECURITY MAINTENANCE Security Monitoring Incident Handling Vulnerability Management Change Management Security Requirements Analysis Typical problems: Inefficient, time and resources consuming logs and security related events monitoring Lack of ability to act on a security incident Vulnerable servers, workstations, applications etc. creating a serious threat Common security incidents and leakage of confidential information Constant blackmailing, harassment via phone or e-mail Lack of information security training for new employees Lack of security consideration on new IT implementation projects Available Services:  System Integra Security Support  Periodical intrusion test  Regular information security audit  Application development support  Computer forensics analysis  IT security training