Security Consultancy Services
Security Consultancy Services is a complement of services intending to measure and improve cyber security levels on the basis of a methodological approach for system, network and security needs of institutions and organizations.
Security Consultancy Services are offered through Security Consultants appointed as per specific needs of organizations.
According to international statistics, attacks on e-mail systems have increased significantly. Attackers prefer to infiltrate systems through low-awareness, careless, hard-working users rather than dealing with strong targets protected by the most advanced security technology and systems.
With E-Mail Security Consultancy; human, process and technology components are used in coordination and controls are carried out to minimize the impact of the organization's e-mail threats.
Security Technologies Consultancy services are rendered to the enterprises based upon the outputs of security technology analyses performed on the infrastructures of institutions and organizations. This service contains analyzing the security technologies on the infrastructures of institutions and organization by categories of human, process, technology and effective use. Necessary improvement and Consultancy activities are performed based on analysis results obtained.
Secure Architectural Consultancy services are offered in relation to the outputs of Secure Architectural Analyses performed on the infrastructure of institutions and organizations. A to-do report is submitted after Architectural Analysis. The objective is to rapidly increase security levels of institutions and organizations.
Operational Security Consultancy services provide a complex activities of improving architecture performed under Secure Architectural Consultancy and of effective use of security components performed under Security Technologies Consultancy. These services include on-site increasing of general security levels through operationally appointed consultants including but not limited to security component checks and interpretation of reports, product effective use checks, vulnerability checks and improvements, activation of up-to-date security controls on updated security devices and improvement of architectural infrastructure for targeted topology.
The objective of Effective Security Controls Consultancy is to ensure security of all information system components within the body of institutions and organizations. For this purpose, it is aimed at applying the security criteria on enterprise infrastructure within the following scope:
- Secure Hardware and Software Management
- Security Configurations for Server and Network Devices
- Continual Vulnerability Assessment, Improvement and Security Tests
- Management of Authorities
- Log Management and Analysis
- Email and Web Browser Security
- Protection Against Malware
- Application and Database Security
- Border Defense
- Data Security
- Access Security
- Wireless Network Security
- Secure Account Management
- Personnel Security and Training
- Incident Response
Even if it is ideal to prevent any security breach in enterprise information systems, it is imperative for today’s cyber security world to detect such breaches. Therefore, Security Information and Incident Management components that are used for institution and organization infrastructures, have become an important building stone. This Consultancy service analyses the as-is situation of Security Information and Incident Management component that is used for institution and organization infrastuctures and aims at creating maturity model levels as per Skill Maturity Model and effectively using Security Information and Incident Management component according to such levels.
Storage of information on confidentiality, integrity and accessibility principle is one of the fundamental essentials for institutions and organizations. For this purpose, data that constitutes the information needs to be classified and security checks need to be applied according to such classifications. Data Leakage Prevention Consultancy intends to run an as-is analysis for the information and information functioning on enterprise infrastructure and to create maturity model levels according to Skill Maturity Model and to use Data Leakage Prevention technologies effectively according to such levels. This method aims at detecting and preventing any possible data leakages and security breaches.
Definition:
- It is the role assigned to provide consultancy in minimizing the risk by overlapping the security needs of our customers with the business needs.
- In designing efficient and efficient security infrastructure; In the design process, consultancy is provided to take into account the compliance with technology, laws, legislation, policies and standards.
- By following current security threats and intelligence sources, consultancy is provided to determine strategies, to provide technologies and to apply methods to systems in order to prevent threats and attacks.
- The outputs of the activities of the different Cyber Security Operations Center (CSOC) are evaluated by combining the improvement activities, the urgent measures to be taken and reported to the related units.
Topics covered in this field are as follows:
- Safety testing activities
- Exercise activities
- Threat and risk analysis
- Continuous security monitoring
- Security technologies activities
- Audit activities
- Strategic Consultancy
- Cyber intelligence activities
- Data sharing security
- Cyber security operations activities
- Training and awareness activities
- Human resources activities
- Relations with third parties