Customers: New trance Necklace; Mechanical engineering and instrument making Contractors: Jet Infosystems Product: Projects of external audit of IT and security (in tch PCI DSS and SUIB)Project date: 2018/11 - 2019/04
|
On May 15, 2019 the Jet Infosystems company estimated the level of security of assets and developed "road map" of development of information security of one of the largest players in the market of rail transportation and car-repair services of Novotrans Group.
The complex information security audit of holding which covered it the central office in Moscow and 4 car-repair enterprises in the Moscow region, Altai Krai, the Kemerovo and Irkutsk regions became the first stage of the project. Specialists of integrator studied key business processes, estimated the level of a maturity of cybersecurity processes, inspected all IT infrastructure, including segments of an APCS, and held testing for penetration. In total within the project 15 information systems were inspected. Specialists analyzed management processes and information security supports on two frameworks at once: ISO 27001:2013 and CIS Critical Security Controls. Testing for penetration took place in the red team format that allowed to show visually actions of potential group of malefactors in case of a difficult purposeful attack to Group.
The project is caused by centralization of our business. Assets are carried through the whole country, each affiliated enterprise has specific features — it concerns both competences, and infrastructure, and cybersecurity processes. Therefore for us it was important to see a complete picture of security to create the IB-optimal model of threats considering specifics of each enterprise. Specialists Jet Infosystems approached this task systemically, having shown strong examination in complex projects. Yury Krinitsky, head of department of corporate security of Novotrans Group
|
Based on the carried-out works the project team localized the available shortcomings of the system of providing Information Security and defined the related business risks. Together with representatives of Novotrans Group specialists of integrator planned target value of level of a maturity of processes of information security of holding and developed detailed "road map" with perspective for three years.
'Road map' was developed taking into account possible changes in business processes and implementations in an IT landscape of holding of other technologies. In fact, we offered target system architecture of management and providing Information Security which is easily scaled on each operating affiliated enterprise of Group and the newly created organizations. We hope that this project will become an impulse to further cooperation. Pavel Volchkov, head of department of consulting of Information Security Center of Jet Infosystems company
|