Infrastructure & Security

Get Security in Infrastructure & Software

Because we care, we’re security aware

Background

Risk exposure to corporate information assets grows silently, in the shadows. Over the years, incidents have occurred that made computer systems unavailable, corrupted valuable information, exposed confidential information, and resulted in major impacts and loss of revenue for organizations.

When awareness of this danger arises, the time for questions also begins: Where are the major vulnerabilities? What can the impacts be? Which impacts may be accepted? What to protect? How to protect? How to prevent risks from occurring? How to introduce a security and risk attitude? What are the obligations? How to set up governing control objectives? How to ensure compliance with these objectives?

BuSI can help you in addressing this specific domain; for this purpose, BuSI has developed a complete offer in the security domain.

Applicable offers

The BuSI team, composed of engineers certified in ISSM, in IRM and in IT security practice, can offer you a wide range of IT services and can specifically help you:

  • in assessing existing vulnerabilities
  • in appraising information risk exposure
  • in setting up consistent information security services
  • in managing information security governance and related projects
  • in advising on and implementing secure infrastructure

Service Content

The services BuSI can offer you are as follows:

  • Vulnerabilities identified by a 360° radar view exercise
  • Internal infrastructure assessment covering network and applications vulnerabilities
  • External penetration testing covering the performance of various levels of testing
  • Virtualization assessment
  • Data center physical security assessment
  • Risk identification and estimation
  • Risk treatment and process management
  • Business impact analysis
  • Information security organization & skills development
  • Information security policies
  • Information security strategy and mission
  • Security program
  • Security architecture models
    • Identity & access management
    • Network segmentation & access prevention
  • Business continuity with disaster recovery procedures
  • Awareness
  • Privacy control
  • Governance & compliance management
  • Products and services conformance control
  • Projects delivery value control
  • IT change management control

Organization - Process

With a team of several engineers certified in CISM, ISO 27799, ISO 27005, ITIL, CMMI, COSO, COBIT, ValIT, EBIOS, RiskIT and ISO 19011, some of whom are members of ISACA and BISI, the BuSI Security Competence Center can address the majority of the topics listed below:

  • Corporate governance & IT governance
  • Enterprise risk management and business continuity management
  • Information security management
  • IT service management & performance management.

The missions or projects in this domain can be covered by « Advice », « Audit », « Assessment », « Project in fixed price », « Training », « Coaching » or by a combination of these means.

The way of working consists of the following steps:

  • First, as a presales activity, understand the customer's needs and identify the real IT requirements, which are summarized in a short document
  • Review this document with the customer
  • Carry out an audit survey over 2 to 5 days, depending on the size of the domain to address, with recommendations and a formal proposal (FP or T&M) relating to the gaps discovered
  • Carry out the detailed service mission in a « fixed price » or « Time & Means » model, with reports and an action plan to reach the target security maturity
  • Other missions can also be carried out:
    • Ensure compliance in line with the customer's security requirements
    • Operate the security management in « T&M » or in « Sourcing » mode

Packaging and pricing

The sizing of the « Security package » depends on the domain to address, the type of services required, the level of requirements and the architecture complexity.

Deliverables

All missions are extensively documented; for example:

  • 360° radar figure and comments
  • Summary and detailed reports on audit, assessment and advice missions
  • External penetration reports
  • Maturity reports, compliance reports
  • Architecture design (to be)

Quality

The certification of the engineers in several GRC disciplines and their successful projects or missions in the largest companies are the best gauge of quality. The fact that they can train, certify and coach the customer team is the second relevant guarantee of quality and confidence.

Copyright 2014 BuSI