2. S e c u r i t y S o l u tion & Services
S e curity Solution & Servic e s
If we take a look at the Organisations today, we can CROSSOVER Italy believes that Information Security With this view in mind CROSSOVER Italy developed
see that they face a new and important challenge Management is a systemic, holistic and dynamic a package of security solutions, within four main
to protect their information, their services, based on approach, that involves Organization, Processes, areas, that allow to our Clients to implement or com-
those information, and, at the end, their mission. Technology and People, with a continuous Program plement their Information Security program to man-
Improvement activity that addresses the protection age tactically and strategically the protection of their
The fragmentation of the Organization set up col- of information, throughout the life cycle of the infor- mission critical information.
laborations and sharing with many external entities, mation and its use within the organisation.
the new technologies, as Cloud Computing and
Mobile, and the new collaborative means as Social
Networking have changed the concept of “physical
boundary” making possible to have an “extended
enterprise” model.
But this new model, if makes available many inter-
esting opportunities, have also many risks for the
business because these new possibilities can make
available new attack vectors. Last but not least
there is the “human factor” that can be identified as
“insider threat” or wrong or missing behaviours (i.e.
through Social Engineering attacks).
Many new laws and regulations have been designed
to force improvement in organizational security, con-
trol, transparency, information retention and privacy
but Compliance not always means Security and our
opinion is that we need a new and more proac-
tive and adaptive approach to manage correctly all
risks that can threat the Company Information hav-
ing a run time evolution of the Information Security
Management System.
SECURITY
SOLUTIONS & SERVICES
2
3. S e c u r i t y S o l u tion & Services
C ROSSOVER Security Co n s u l t i n g
Information security is a top-down process requiring
a comprehensive security strategy that is explicitly
linked to the organisation’s business processes and
strategy. Security must address entire organisational
processes, both physical and technical, from end
to end.
Within CROSSOVER Security Consulting you can
find all necessary building block, that can be con-
sidered as foundations to start the implementation
of a formal security strategy by developing, deploy-
ing and maintaining a comprehensive set of security
policies that reflect the objectives of the organisation
and address each element of the strategy. As well
as specific procedures and standards along with
assigned roles and responsibilities, classification and
assignment of ownership of information assets and
assessments of risks and business impact analyses.
In this area of expertise you will find all the impor-
tant elements to set up or have a more effective
improvement of your Information Security System.
3
4. S e c u r i t y S o l u tion & Services
C ROSSOVER ICT Security
This area of expertise contain all building block to ad- Beside the specific security product selection and
dress specifically security technology and services deploy support, CROSSOVER Italy can provide you
matters. “Security is a process and not a product”, activities that are related to the control of the Infor-
we heard about this many times and we strongly mation Security Systems and that you can use to
believe in this sentence. However security products highlight vulnerabilities in the security processes (i.e.:
are necessary to put in place planned countermeas- incident management process assessment) or in the
ures or to tactically solve some specific problems. systems and organization (i.e.: vulnerability assess-
But we need to consider that every technological ment, penetration test, ethical hacking) as well as
solution can generate dangerous feelings of “false post incident activities as log analysis, attack track-
sense of security“ and that, to be effective, needs ing and forensic analysis.
other components as roles, responsibilities and pro-
cedures defined, information and training and physi-
cal security.
CROSSOVER Italy can help you in the identification
of the security products, “best of breed” on the se-
curity market, giving you all the necessary advisory
support to have an efficient and effective deploy of
the complete solution. As an example we can help
you to define how to manage your mobile phone
platform in your company guaranteeing the security
of information that is within them, understanding the
needs, defining the policy, procedures, the hw iden-
tification, the needed sw platform and providing the
training and awareness for all the users that need to
have those mobile phone.
4
5. S e c u r i t y S o l u tion & Services
C ROSSOVER Security Co m p l i a n c e
Security Compliance means to adhere to security
standards, law and regulations, and other require-
ments (ie. Internal policies, procedure...). Compli-
ance is, in some way, also strictly linked to the trust
that your company can have for the clients. Se-
curity Standards help to build a management sys-
tem around Information Security (i.e. the ISO 27001).
Standards are, generally, flexible, laws are not flex-
ible so your first priority should be on the safe side
of the law (i.e.. Data privacy protection). So if you
break the law compliance you break the trust and
you could put at risk your business also in this case.
CROSSOVER Security Compliance address the risk
of no-compliance and has all the necessary build-
ing block to perform compliance service assessment
for all most important security standards and local
law as well as we can provide an Unified Compli-
ance System in which, we can build a Compliance
Process around that specific standard or local law
providing a complete framework that could be filled
with the plug-in related to that specific compliance.
In this way you can have a really effective tool that
automatically could assess, in the same time, the
compliance to ISO 270001, PCI-DSS, Data Privacy
Protection, internal policies and procedures, and
many other.
5
6. S e c u r i t y S o l u tion & Services
C ROSSOVER Security Tra i n i n g
One of the greatest security threat come from
within. Today, in our connected word, the insider
threats are greater than ever. Technologies such as
social networks, mobile, blogs, and email increase
the organization’s internal security challenges and,
in some cases, employees unintentionally release
sensitive information (i.e. Social engineering attack)
without realizing the potential consequences. This
means that one of the most priority needs to protect
the organization from itself. So, the human factor in
security can never be ignored.
An effective Information Security Training and Aware-
ness Program is a continuous internal process de-
signed to change behaviours or reinforce good se-
curity practices that involve all employees.
CROSSOVER Italy can develop, design and deploy
a complete Information Security Training and Aware-
ness Program that helps our clients to manage the
risks associated with actions of people. The Pro-
gram will build starting from the needs and require-
ments and using the most adequate technologies
and techniques to make effective the program itself.
Specific evaluation metrics to measure the results
of the Program will be performed allowing, in this
way, to have the knowledge of the level of security
awareness of all the organization.
6
7. SECURITY
SOLUTIONS & SERVICES
w ww.crossoverweb.it - ww w . c r o s s o v e r w e b . e u
c o ntact@crossoverweb.it