Information Security Management

Today there is no company whose infrastructure is not based on TIC systems.

The growing need for companies to guarantee the security of the information they handle is a challenge when it comes to guaranteeing the integrity, confidentiality and availability of such data.

Inprosec uses the ISO 27001 standard as a reference for carrying out the audit of the information assets of its clients. The results of the audit allow to know the existing risks and define action plans to correct them.

Fully aware and involved with its area of expertise, Information Security Management, Inprosec is certified in ISO 27001: 2016.

Through a Director Plan, our team carries out the comprehensive advice, maintenance and improvement of the Security Management of a company on an ongoing basis during the provision of the service.

During this period, the existing security levels are maintained, improvable aspects of the company are identified and the lines of action (actions, projects and / or services) that can increase the security level of the company are defined. In addition, Inprosec takes into consideration the solution implementing costs, always offering the company the option which best meet its needs at minimum costs.

The duration of these services is around a year, during which Inprosec takes an active role in defining priorities, goals and objectives and achieving them.

The definition of a regulatory framework includes the elaboration of the company policies, regulation and procedures and any other document that is used as a frame of reference within the company. It also establishing the security measures applicable to the company’s information system, establishing ways of process the information and delimiting user´s rights obligations regarding the use of corporate technology. The main purpose of the company policy framework is to manage the risks that the organization faces up, allowing to take the accurate measures to mitigate the risks.

The company framework of Information Security is usually based on the international standard ISO 27001 and its good practices defined in ISO 27002.

The penetration test is an auditing method which is carried out in order to check your systems resistance level to intruders (“hacking”).

It can be:

• • • Black box: The client gives no information at all about the system which is going to be audited.
    • White box: The client provides us with source codes, administrator accesses and all the information available.

There seems to be a widespread agreement on the fact that the weakest link in a security chain is the human component. However, the vast majority of companies do not actively work on this issue.

Whether you want to test the reliability of your employees, the effectiveness of the training given, or just want to have a real sample of the impact that would cause a crypto-locker virus on your system, the best way to find it out is to perform a Social Engineering attack or a Phishing test.

This service, which can be customize to client specifications, provides a lot of information about the current situation, and train users directly so as not to fall into these increasingly common traps.