Fifteen years of experience in the finance and telecommunications sectors

SERVICES FOR LARGE ENTERPRISES


COMPLEX BUSINESS FRAMEWORK SYSTEM

COUNSELLING

 

RISK MANAGEMENT

It is common sense that businesses should evaluate their business risks. Standards (e.g., ISO 27000) and "best practices" (e.g., COBIT) also emphasize the importance of this issue. In many industries, a planned and systematic assessment of risks is a regulatory requirement. The document generated is an important part of business impact analysis studies.

 

Security.hu has spent fifteen years refining its self-developed, quantitative IT risk assessment methodology, which is essentially interview-based but also includes audit elements where necessary. Our framework is currently taught at several highly reputed universities. Our consulting staff holds most of the required qualifications (CRISC, CISA, CISSP).

 

 

 

REGULATORY ENVIRONMENT AND COMPLIANCE

The purpose of these policies is to bring corporate processes in line with "best practices" and legal requirements. Implementation takes into account the particularities of the given organization, such as its technology, organizational structure, risks and business goals. Accordingly, our regulatory services necessarily take the form of unique, practice-oriented, interview-based counselling. The policies we prepare always describe processes that already exist and can be operated, to ensure their compliance.

 

 

 

BCP (BUSINESS CONTINUITY PLAN) AND DRP (DISASTER RECOVERY PLAN)

The BCP and DRP provide solutions for unexpected shocks that affect the organization and cannot be fitted into standard business processes. Within the framework of this service, we prepare and test business continuity plans and data and service recovery plans. The BCP is usually tested via simulations, while the DRP is examined by a technological test. Every test, even a successful one, gives the opportunity to refine the plans. The BCP and DRP are living documents that are perfected over the years along the learning curve.

ANALYSIS

 

SECURITY TESTS

It is a common characteristic of the various security tests that, compared to audits, they are practice-based rather than regulation-based. Security tests are always real technical experiments carried out on the system. The tests differ in how much of the system is affected, to what depth, and what prior knowledge the tester has. Because of the many possible variables, security tests are difficult to name properly. In the end, every test is unique and can only be appropriately described by a strict, many-page agreement.

 

In spite of the above, there are basic types with more or less agreed content:

 

A vulnerability assessment is a full-scope scan that discovers the exploitable weak points of the targeted systems, optionally with knowledge of their architecture. The vulnerabilities are not exploited.

 

A penetration test simulates a possible attacker whose goal is to get into a vulnerable system and find at least one usable path through the defense layers to reach its targeted critical part. Obviously, not all vulnerabilities will be discovered and exploited.

 

Ethical hacking is a widely used concept, but unfortunately it is understood in many different ways. The greatest problem is that neither of the two words has a specific meaning. It is not really ethical, because the boundaries of the service are clearly regulated by an agreement, not by any unwritten ethical rule. Hacking has typically been misinterpreted by the media. The word ‘hacker’ never had a negative connotation, but the media mixed it up with ‘cracker’ and the IT world simply gave up the fight. Most service providers, including us, call the combination of vulnerability and penetration tests ethical hacking.

 

Less informed customers usually believe that this activity only includes the simulation of a malicious attack (penetration test), but these types of tests usually do not provide a wider picture; therefore, after the business needs have been clarified, vulnerability and white box tests are also included.

It is worth mentioning that Security.hu was there when this profession was born in Hungary and is still considered among the best.

 

 

 

Audit

Audits are reviews in which the functioning of the organization is compared to legal requirements, standards, internal regulations or industry best practice. This service includes internal audits, audit preparation, and support during external audits, provided by our qualified advisors.

 

GDPR, PCI-DSS, ISO 27000

 

 

 

Gap analysis

The aim of evaluating the discovered audit findings is to map and understand the possible risks in detail in order to design a proper action plan. The findings of the gap analysis provide a beneficial agenda for the IT security and IT operations departments.

INTEGRATION

 

PROTECTIVE SOLUTIONS

Creating and customizing complex, preventive and vendor-independent IT security equipment plans by qualified and certified security engineers.

 

IDS, IPS, DLP, firewall

 

 

 

Elastic

Elastic is one of the world’s most advanced open source data analysis platforms; it can search and analyze any kind of document or data set with high performance. It is perfectly suited to setting up central monitoring and forensics systems, and can also be used to detect anomalies with the support of machine learning.

 

Our team includes not only Elastic experts but real Elastic fans, who believe it is their mission to make the most of the platform.

 

System planning, customization, plugin development, operation.

 

 

 

UNIQUE SOLUTIONS

We have a coherent team of experienced engineers, consultants, and software developers who are open to technological challenges and special tasks. If you have a never-before-seen dream in which a mixture of exotic tools and unique lines of code makes the world a better place, but you have never dared to talk about it, you will find an appreciative and enthusiastic audience at our company.

 

Python, Java, .NET, PHP, database programming and everything else.

SUPPORT

 

SECURITY SYSTEM PLANNING AND OPERATION

Just as quality cannot be built into a product afterwards, it is not expedient to add security to systems later either. Whether it is a small application or a complete corporate architecture, real security and reasonable costs can only be achieved if security issues are considered during the whole design process. Security has to permeate the whole system; it is not enough to focus on border points or interfaces.

 

Architecture planning, patch management, L1 incident management, outsourced security engineers.

 

 

 

EDUCATION

Get to know the new generation of security awareness training, which achieves real results in close collaboration with HR departments. The modular training system outlines an individual development plan for all employees, and even for subcontractors. A separate course is available for new entrants, and additional modules are available for different positions and levels of responsibility, such as back office, customer relationship, system operator and developer staff, as well as management.

 

 

 

OUTSOURCED IT SECURITY OFFICER, ADVISOR, ENGINEER

On-site expertise and knowledge sharing from experienced IT security experts. Technology-based expertise combined with regulation-based skills. Complementary control of information technology. Security-oriented approach in IT projects, internal audits, observance of statutory tasks and deadlines, creation and supervision of controls and reporting for the management.

 

 

 

Security.hu serves small and medium-sized businesses as well as large enterprises leading in digitalization, and provides tailor-made business and certified technological solutions for these segments.

© 2018 Security.hu. All rights reserved!

1007 Budapest-Margitsziget
Danubius Grand Hotel

Sales: +36 (1) 888-2890