Developers: Diasoft
Date of the premiere of the system: 2024/11/11
Branches: Information security
Technology: IT outsourcing
Main article: Penetration testing (pentesting)
2024: Presentation of the "Information Security Service"
Diasoft will help detect vulnerabilities and conduct penetration testing. The company announced this on November 11, 2024.
Financial institutions are subject to requirements for vulnerability analysis and penetration testing under Bank of Russia Regulations No. 683-P (clause 3.2) and No. 757-P (clause 1.4.5), as well as GOST R 57580.1-2017. Similar requirements apply to personal data (PD) operators and subjects of critical information infrastructure (CII), as set out in Orders No. 21, 235 and 239 of the FSTEC of Russia.
To meet these requirements, Diasoft specialists offer a turnkey service that provides a full vulnerability management cycle and compliance with legal requirements.
As part of the service, the vulnerability handling process and the procedure and deadlines for remediation are defined and documented, and control procedures are recorded. The part of the infrastructure that falls under the regulatory documents listed above is determined separately.
Instrumental checks include penetration testing, which simulates the actions of a potential attacker inside or outside the protected perimeter. The study focuses on whether particular vulnerabilities can be exploited, how deep an attack could go, and how protection tools perform while it is carried out.
The service also includes vulnerability analysis, which assesses how prepared the organization is for an attack, and testing using social engineering methods. The emphasis is on timely remediation of vulnerabilities and on raising employee awareness.
Instrumental security assessments and penetration testing as part of the Diasoft service include:
- defining, identifying and verifying the scope of testing;
- agreeing on practices and tools, and on events that are unacceptable during testing;
- fixing the dates;
- defining and documenting the vulnerability management process;
- recording the report requirements.
For penetration testing, the main result of the service is a documented vulnerability management process and a report, which can be one-time or periodic. A separate part of the report is a list of measures to raise the maturity of the vulnerability management process and improve the use of information protection tools. Following the recommendations makes it possible to meet compliance and reporting requirements in the field of information security.