Information Security Management Consulting
In today’s world all institutions regardless of size need security information in their daily operations, and this information constantly changes and diversifies.
In order to operate efficiently, the most valuable tool a company has is the information it possesses. The level of sensitivity of this information is subject to change from time to time. While for a certain establishment it may be vital to keep information secret, for another company it could be very important to disseminate information without any interruption. The methods of creating, preserving, sharing and marking information may differ but everyone values the information they have. Proper protection is required according to need, and in the event of a protection failure there can be many risks including financial loss, criminal damages, loss of credibility and information leakage to rival companies.
Even if the concept of information is not limited to purely electronic media, widespread access to the Internet, the huge increase in threats, easy access to attacking devices and the availability of cheap and easy-to-carry external hard disks all serve to emphasize the threats facing electronic media. However, it is also necessary to provide adequate protection for information contained in printed media or transmitted over the telephone, through meetings, in shared public areas or by snail mail.
Information Security Management consists of determining the unique needs and expectations of a given institution and preparing and maintaining appropriate security measures. The existing internationally accepted Information Security Management System (ISMS) standard is named ISO 27001.
Biznet’s Information Security Management Consulting is based on the ISO 27001 standard. Our consulting prepares established ISMS to be inspected for certification.
Our consulting services include the following steps:
Risk Analysis
In creating an ISMS according to the needs of a given institution, the institution’s information pool, possible threats faced and degree of vulnerability are all taken into consideration. An all-inclusive inventory is prepared, threat and vulnerability factors are associated with each item, and risk values are calculated according to potential damages and the probability of the threat. Listing all items together then creates a table populated with thousands of possible risks.
Threats, vulnerabilities, and the number and diversity of entities are variable and the risk environment is very dynamic. Therefore updating of the table is just as important as its compilation. ISO 27001 requires periodic review and risk updating.
Biznet offers ISMS with its own ISMArt software. ISMArt makes the process described above relatively easy. Entity, threat and vulnerability information stored in our database assists the user in defining his or her own environment. Integrated guides are available to be used in objectively setting parameters such as the value of entities and the probability and effect of threats. Risk assessments are prepared and displayed based on the input data. The risk report can be ordered according to the preferred parameter and presents important data for use in the decision-making process.
Selection of precautionary controls; Policy and procedure preparation
After reviewing an institution’s risk report and selecting a risk reduction approach and related measures, Biznet’s consulting service considers the control areas set out by ISO 27001 in order to determine appropriate precautionary measures.
Following this process, policies and procedures are prepared in order to announce and implement these measures throughout the institution. Risk improvement plans are prepared and put into force.
Biznet uses ISMArt in its consulting services to provide a fast and efficient process for matching controls with risks. We also use ISO 27002 guidelines stored in the ISMArt database to connect an institution’s risks with the corresponding portions of thousands of policies and procedures.
Preparation of Statement of Applicability
A document is prepared showing to what degree the established Information Security Management System has met the controls set forth by ISO 27001. This document is updated as new controls are added. This document is the most important reference used during inspection of the system.
Biznet uses ISMArt in its consulting services to assist in the formation of the conformity declaration using data produced by the system. This method allows for fast, accurate, and guaranteed up-to-date document production.