KÜRT’s solutions to challenges
Under Act L of 2013 (hereinafter referred to as: the “Information Security Act”), the head of the organization is required to ensure the protection of the organization’s electronic information systems.
Preventing official fines
KÜRT undertakes to prepare all documents required by the authority, in the required form and content.
Identifying vulnerabilities affecting the organization’s electronic information systems and preventing their recurrence. Under BM decree 41/2015 (VII 15), vulnerability testing is mandatory starting from security class 3.
Performing vulnerability testing; suggestions for dealing with detected shortcomings. KÜRT has obtained a license for carrying out vulnerability testing under the Information Security Act.
Preventing security incidents originating from regulatory or technological shortcomings
Provision of protection in proportion to risk at both the policy and the technology level.
The proprietary, modular SeCube IT GRC software provides special support for managing compliance with the Information Security Act and for generating OVI and SZVI reports in the form required by the authority. It provides a unified framework for risk analysis and management, business continuity planning and disaster recovery planning.
The precise interpretation of the law and the requirements of the implementing regulation
KÜRT has participated in the preparation of a large number of organizations for compliance with the Information Security Act.
Therefore, the company has the necessary professional and legal knowledge to successfully and reliably assist its clients in meeting legal requirements.
The references of KÜRT’s experienced IT security specialists guarantee solutions to individual problems as well.
What are the basic tasks that must be carried out in order to meet the requirements of the Information Security Act?
- Classification of electronic information systems into security classes.
- Classification of organizational units related to the critical system component according to level of security.
- Establishing the currently achieved organizational level and security class; exploring shortcomings.
- Preparation of action plans to address shortcomings.
- Developing regulations that comply with statutory requirements.
- Compilation of reports for the authorities.
PROTECTION OF KEY INFRASTRUCTURE
Preparation of the operator security plan
KÜRT undertakes to assist the companies designated on the basis of the identification report in preparing their operator security plan and implementing network security activities contained therein.
Risk and business continuity management (BCM)
Taking part in the creation of business process continuity (BCP) plans, production continuity plans (PCP) applied to production processes and disaster recovery plans (DRP).
Regular execution of risk analyses.
The SeCube IT GRC software is able to effectively support the periodic renewal of the tasks listed above.
Meeting network security requirements
Recording and processing a large number of log files generated in the IT systems with an appropriate log analysis application (LogDrill).
Testing the vulnerability of systems through legal hacking and penetration testing.
The implementation of context-sensitive changes in the configuration for hardening systems.