Security

Security design and implementation in information systems

Our 25 years of experience working with large information systems has shown that, despite the specific features of different users (information systems), the following general steps can be taken to solve the problem of security:

  • Define what the user understands by the protection of the information system (including definitions of key terms)
  • Make a survey of the state of protection in a user’s information system, which includes:

– The condition of the information infrastructure (hardware, software, firmware) per user’s location

– The state of information services (applications) in a user’s information system per location. A brief description of each information service. A brief description of hardware-software security procedures applied in a given information service and the information system as a whole. A brief description of back-up procedures. The description and condition of the back-up centre (if in existence)

– Collection, study and a short description of normative acts and standards regulating security elements in a user’s information system: commitments and responsibilities of employees, employee organization and training in this field, physical and technical protection, fire protection, crypto protection, anti-sabotage measures, business secret protection, procedures in case of breakdown or halt in the functioning of information infrastructure and/or information services, the state of HelpDesk, protection and the possibility of functioning in case of natural disasters, fires, and other extraordinary occasions, authentication standards (identification, password, authorization) – documents, flow of documents, supervision and responsibility of all those participating in the process, the existence and method of carrying out data and information classification according to the level and degree of secrecy and others.

The result of the activities is a document containing a description and analysis of the above elements.

  • Write a normative act – the “umbrella” security document (we call it the Security Regulations Act) which defines the security policy in an information system. It will lead to passing a series of other acts and standards and undertaking a series of activities that will solve and regulate security in the information system in a detailed and efficient way.

Based on the study and analysis of the existing normative acts, standards, processes, organization and work technology in users’ information systems and adhering to the accepted international standards (UN, USA, BS 7799, EU, ISO 1799), the Regulations Act aims to do the following:

– Solve the subject of legislative regulation (comprised in the prescribed measures and activities)

– Define the terminology and expressions used

– Determine persons responsible for security in users’ information systems (security bearers)

– Determine sources of threats to the information system

– Prescribe security measures and activities (the majority is contained in the Security Regulations Act)

– Prescribe supervision over security functioning in the information system, and other activities

The resulting documents include:

  • Security Regulations Act
  • Explanation accompanying the Security Regulations Act, warning of the consequences (legal, working, financial and others) ensuing from the said Act
  • Draft proposal for writing and adopting the Security Regulations Act
  • List of acts, activities and standards ensuing from the Security Regulations Act (e.g. Instructions for issuing user identifications (passwords and certificates) and authorizations, Instructions for key management, Instructions for data integrity protection, Instructions for data classification according to the level and degree of confidentiality in an information system, Instructions for data exchange (online and offline) with other information systems, Instructions for the information system functioning in extraordinary and war conditions (back-up centre and similar), Annual personnel and resources plans, Training of employees and security bearers, etc.)

Upon adopting the security policy, and in accordance with the set aims, requirements, priorities and financial means, the user implements the security system. SV Group guides the user in undertaking minimal and necessary steps. Apart from its own solutions for security protection implementation in information systems, SV Group also uses the following IBM/Tivoli software products:

  • z/OS Security Server (RACF)
  • IBM Tivoli Access Manager for Operating Systems
  • IBM Tivoli Access Manager for e-business
  • IBM Tivoli Identity Manager
  • IBM Tivoli Directory Server
  • IBM Tivoli Directory Integrator

SV Group and the user jointly test and verify the security solutions implemented in the information system.

Develop long-term and stable relationships with our users, partners, employees, the owner and the social community.
