We manage not only to put the fire out, but effectively prevent it as well.
One of the big czech e-shops got several serious complaints from the Office for Personal Data Protection in relation to data security. The theft and abuse of customers' emails occurred after receiving spam messages. The company addressed AEC for help with solving this problem.
The preliminary technical analysis discovered a number of discomforting findings. After agreeing with the customer, we deployed a monitoring probe into the network that revealed the compromised server operated by attackers from eastern Asia within two days. We reacted immediately to the detected situation and we stopped further abuse of the client’s infrastructure.
This situation showed that the customer was not ready to solve these risks effectively. So we elaborated a complex risk analysis and, on its basis, we proposed a actual security measure and processes that will prevent similar situations from repeating themselves in the future. We drew up a security project and helped to put it into practice. The E-shop not only passed the subsequent check performed by the Office for Personal Data Protection, but also significantly improved the overall level of its security.
The Solution's Description
Information risk management services serve to assess the actual state of the IS security. It is an important information resource for ensuring the systems’ security. It serves as grounds for decision-making about security investments.
In this field we can offer you
A current status analysis – fast identification of weak spots and drawbacks in the security, proposal of recommendation for their removal.
Creating a model of the IS threats, its application – identification of possible systems' or applications' threats.
The IS risk analysis – complex identification of assets, threats and weak spots, risks' quantification that the system is exposed to, proposal of recommendation in the form of an ICT security plan.
Specialized audits and analysis focused on a certain area.
Among the major benefits of the services realization in the field of information risks management:
- Priorities determination for other investments and projects in the security area.
- Setting the optimal proportion between investments and achieved level of security.
- Gaining information about reached IS security level by an independent party.
- Identification of the risks and weak spots that threaten the company's key functions and assets.
- Creating grounds for drawing up the ICT security documentation in the company.
- Identification of threats, the type of data leak, privileges abuse, human error, etc., including possible abuse scenarios.
- Significant increase in IS security by the implementation of proposed measures.
- Gaining rationale for management decision on the allocation of funds to IS security.
We have lots of experience with project implementation for important companies in their branches, e.g.:
- Česká pošta, s.p.
- KBC Group NV Czech Branch
- OTE, a.s.
- ZUNO Bank AG
- ING Management Services s.r.o.
- GMC Software Technology
- Ministerstvo průmyslu a obchodu
- Úřad pro ochranu osobních údajů