Security
One of the most overlooked, least understood yet most critical issues of
information technology is systems security. It is not enough to have a good
designed system available with fast response but also a correctly maintained
one. Given that sixty percent of successful intrusions are from internal
individuals or partners, organizations have to have a multi-pronged approached to securing
resources from both the outsiders and insiders. A simple firewall deployment on
its own shall have little effect in fully securing a network or even a single application.
Organizations are realizing that there are no silver bullets. No single off the shelf product will secure your networks and applications. The solution lies in creating a comprehensive strategy covering all your assets and related risks. This then needs to be implemented in company wide policies covering all your hardware, software and especially the people who make use of them. Information security is not a purely technological issue but one which must take into account the extent of human behavior over time in a systematic approach.
While all organizations share the same risk certain organizations have more to loose. Similar to the Sarbanes & Oxley act of the US in 2002 the EU is evolving and integrating its own data security and compliance procedures governing how information is collected, used, and shared. The launch of European Network and Information Security Agency (ENISA) on 15 March 2004 as well as heavy funding of security related projects in the FP6 is a sign Europe is taking information technology and its security very seriously. 2005 EU resolution ordering telecoms to store past client history for extended periods have also tied the physical aspects of fighting terrorism into the same story. The convergence of technologies and integration of telecom and data networks has brought an surge in the need to monitor and secure an increasing amount of information.
These issues apply not only to financial, healthcare and telecommunication institutions but all sectors. As Turkey moves ahead to join the EU she also needs to follow suit both in public and private sector information security.
Our offerings range from basic vulnerability assessment services to detailed company-wide security policy making, application auditing and outsourced administration. In a typical full security package we will help clients develop a multi-tiered security strategy and matching policy based on their risk assessments. We then implement this policy through best of breed hardware/software solutions addressing multiple threats. Regular upkeep and passive monitoring follows as a feedback mechanism alerting us to a violation or insecurity needing corrective action. Security is a multi step process of defense, intelligence gathering, danger mitigation and prompt remedies in a constantly changing environment.