Information security solutions
Data and information are valuable for many organisations. In wrong hands, they can pose a big threat to the whole organisation.
We see information security as a part of the whole information management solution of a company. Firewalls, user rights’ check, logging, reporting on attacks and other necessary features enabled by modern technology are embedded in solutions.
Information security is often wrongly defined as only data confidentiality – who can access data, and when and how can they do so. In fact, the concept of information security is wider and, besides authentication and confidentiality, also includes high-availability of data and the whole operational ability of a system, so that data would be in the correct format, unchanged and always available within reasonable time. Besides confidentiality, data movement speed and the availability of data are also very important for a user.
Information security very often overlooks a very important security threat to the whole system – the user him or herself. Human errors – whether caused by incompetence or malevolence – make up about 80% of all security problems. These can only be prevented and managed by supervision and procedural rules, which is why international information security standards focus on the procedures – rules – of guaranteeing security.
Two information security standards are mainly used in Estonia:
- Series of ISO 27000 standards
- Three-stage reference security of information systems.
The development of an information security system usually starts with risk analysis which helps to determine the scope of necessary protection. The process results in complete picture of protected data and systems, protection measures and guidelines for users and managers of a system. The core of information security system is information security policy, which is constantly being updated to be ready to face new risks.
Our information security solutions are based on software by Symantec and RSA.