Cyber security
Prevention is always cheaper than repairing damage
CYBER THREATS ARE AN INTEGRAL PART OF THE DIGITAL WORLD
94% of companies in the Czech Republic faced a cyber attack in 2019
In 2019, NUKIB (National Cyber and Information Security Agency) investigated 8,417 cases of attack
Cyber crime caused $ 6 trillion in damage in 2019
The number of cyber attacks is increasing by more than 20% per year
With the ever-advancing digitization of structures, the advent of fast 5G networks and the ever-increasing dependence on digital technologies, the danger of this modernization is naturally on the rise.
The issue of cyber security has become a completely independent and highly specialized technical discipline, whose primary task is to protect the digital environment of the target organization.
Contact us, we will be happy to help you choose the right solution.
CYBER SECURITY AUDIT
The cyber security audit serves to determine the degree of threat to the organization from current and future digital risks, reveals vulnerabilities in internal systems and examines the policy of cyber security management in the client’s environment.
The result of the audit of cyber risks is a summary report on the state of cyber security of the organization containing, in addition to a list of identified threats, also methodological instructions for their reduction or complete elimination.
Due to the different requirements and levels of cyber security in different organizations, we offer three levels of cyber risk audit – Primary, Structural and In-Depth. In specific cases, the audit can also be set individually.
PRIMARY AUDIT
The primary audit of cyber security is intended especially for small and medium-sized companies, or organizations whose data theft or shutdown of internal company systems will not cause significant damage to their property or the flow of operations. The audit focuses mainly on the protection of data and identities, accessibility of the environment and the backup system. If the primary audit does not reveal any deficiencies or these deficiencies are eliminated on the basis of the submitted recommendations, the organization is ready to face more than 90% of common cyber threats
STRUCTURAL AUDIT
The target group of structural audit customers consists of companies and organizations for which the very potential of the risk of data loss or blockage of digital systems is practically unacceptable. These include, for example, digitally controlled operations, where damage caused by downtime increases every minute, digital archives containing sensitive or otherwise irreplaceable data or systems for various reasons that do not allow for long-term loss of accessibility.
IN-DEPTH AUDIT
Primarily, state administration systems or critical infrastructure require security in accordance with the Czech Cyber Security Act No. 181/2014 Coll. or at least the minimum safety standard according to NÚKIB (National Cyber and Information Security Agency). Thus, an in-depth audit of cyber security does not only address the factual aspect of digital security, but also assesses whether the system complies with the above-mentioned standards or not.
CYBER SECURITY CERTIFICATE
Together with the summary report or after the elimination of deficiencies, the contracting authority shall obtain a level I, II or III cyber security certificate proving the achieved level of digital security of the organization. The certificate is granted for one year. If the contracting authority is interested in extending the certification, only an accelerated control audit is performed, which confirms the validity of the certificate for the following year. This extension by means of a control audit can be carried out a maximum of three following years and a corresponding audit must be carried out in full again the fourth year. Similarly it applies, if a control audit has not been performed no later than one year after the profit or renewal of the certification.
REMOTE CYBER SECURITY ADMINISTRATION
After obtaining any certificate, the contracting authority has the possibility, if its environment allows it, to request the establishment of remote cyber risk management. This is a service that usually requires few minor interventions in the contracting authority’s systems, but the organization gains professional supervision over cyber security management, and is also doesn´t need to undergo an annual control audit for the purpose of extending the cyber security certificate. The scope of the service is not standardized due to the complexity of the issue and the conditions are always set up individually.
PRIMARY AUDIT
The primary audit of cyber security is intended especially for small and medium-sized companies, or organizations whose data theft or shutdown of internal company systems will not cause significant damage to their property or the flow of operations. The audit focuses mainly on the protection of data and identities, accessibility of the environment and the backup system. If the primary audit does not reveal any deficiencies or these deficiencies are eliminated on the basis of the submitted recommendations, the organization is ready to face more than 90% of common cyber threats. The primary audit serves larger organizations as the initial documentation for a structural or in-depth audit, or as a proof of compliance with the conditions leading to the conclusion of cyber risk insurance for higher sums insured.
A PRIMARY AUDIT SHALL COVER MORE THAN 90% OF CYBER THREATS
-
Security and identity management (access)
- Data and documented repositories (data protection policy)
-
Backup system
STRUCTURAL AUDIT
The target group of structural audit customers consists of companies and organizations for which the very potential of the risk of data loss or blockage of digital systems is practically unacceptable. These include, for example, digitally controlled operations, where damage caused by downtime increases every minute, digital archives containing sensitive or otherwise irreplaceable data or systems for various reasons that do not allow for long-term loss of accessibility. The structural audit focuses, among others, on the elimination of risks from an attack conducted for the purpose of damaging a specific company and also on the physical security of the client’s internal digital structures. An environment free of defects detectable by a structural audit can be considered as real cyber-safe according to the highest possible standards and ready to obtain ISO 27000 certification.
THE STRUCTURAL AUDIT will examine RISKS AT ALL LEVELS OF THE APPROACH
-
Security and identity management
-
Policy of an access to sensitive information
-
Security of internal company applications
-
Physical accessibility and security of infrastructure
-
Reduction of internal risks of the organization (insider risk)
IN-DEPTH AUDIT
Primarily, state administration systems or critical infrastructure require security in accordance with the Czech Cyber Security Act No. 181/2014 Coll. or at least the minimum safety standard according to NÚKIB (National Cyber and Information Security Agency). Thus, an in-depth audit of cyber security does not only address the factual aspect of digital security, but also assesses whether the system complies with the above-mentioned standards or not. The in-depth audit also reveals details such as a physical accessibility of the communication network and its security against an attack by sophisticated devices, testing compliance with cyber security regulations by affected personnel or a possibility of entering malicious code by attacking devices within the organization. The elimination of errors at the level of in-depth audit essentially prevents the successful execution of an attack to the cybernetic environment of the contracting authority in order to cause greater damage.
IN-DEPTH AUDIT ACCORDING TO NUKIB (NATIONAL CYBER AND INFORMATION SECURITY AGENCY) RECOMMENDATIONS AND APPLICABLE LEGISLATION
- Comprehensive protection of access to the organization’s environment
-
Highest level of data and documentation security
-
Multilevel backup and system stability
-
Detailed analysis of safety management policy
- Maximum level of physical security of the environment
We will contact you
Do you need to discuss your intention with an expert? Find out if the given service is suitable for your company or get answers to questions or a price quote?
Contact us:
telephone: +420 602 779 893
e-mail: contact@altairsolutions.cz