
PRODUCER AND INTEGRATOR OF IT SOLUTIONS

Unizeto Technologies S.A.

Information security

We offer a security audit of IT systems according to the RHINOCEROS methodology. The audit provides:

  • a check of the level of company security,
  • the identification of weak points of systems and equipment in use,
  • information on standards and security procedures to be complied with,
  • a check of the system configuration for compliance with assumptions of the corporate security policy (if any).

The frequency of audits depends on the changes taking place within the company.

The audit scheme we recommend is built on fifteen interconnected issues:

  1. Appointing an audit team
  2. Collecting information on the organizational structure of the company, network infrastructure and topology, media in use, active and passive devices, resources, physical and logical protection systems, threats and hazards, etc.
  3. Company orientation towards security assurance
  4. Preliminary analysis of the collected information
  5. Network traffic analysis
  6. Network security testing
  7. Analysis of network resources protection systems and hazard notification
  8. Verification of network administration and access control methods
  9. Cryptographic security (protection) analysis
  10. HR analysis (IT personnel knowledge/expertise, number of IT staff)
  11. Physical security analysis
  12. Analysis of internet resources access policy
  13. Anti-virus control analysis
  14. Analysis of data recovery and restoration of company efficiency
  15. Audit report


The following standards and procedures are observed while preparing and performing the audit:

  • PN-ISO 10011-1 Directives for quality system auditing. Auditing;
  • ISO/IEC 17799 Information technologies. Rules of conduct for information security management;
  • PN-I-13335-1 IT technique. Guidelines for IT system management. Concepts and models of security of IT systems;
  • PrPN-I-13335-2 IT technique. Guidelines for IT system management. Management and planning aspects;
  • PrPN-I-1335-3 IT technique. Guidelines for IT system management. Security techniques;
  • ISO/IEC 15408-1 Information technologies. Security techniques – Evaluation criteria of information security. Introduction and general model;
  • ISO/IEC 15408-2 Information technologies. Security techniques – Evaluation criteria of information security. Functional security requirements;
  • ISO/IEC 15408-3 Information technologies. Security techniques – Evaluation criteria of information security. Requirements of security assurance;
  • PN-I-02000 IT technique. Protection of IT systems. Terminology;
  • IT Baseline Protection Manual - a handbook published by Bundesamt für Sicherheit in der Informationstechnik.