IT Systems are the means by which information can be distributed efficiently, economically, and effectively. Therefore, those IT Systems must be secure and have mechanisms that ensure the confidentiality, integrity, and availability of information. A plague of information-security threats is forcing organizations to ensure the security of their computer systems and networks. To deal with these pressures, organizations must perform system and security audits to ensure their systems comply with corporate security and IT policies and, at minimum, avoid common downtimes. Security is even more vital now that most corporate networks also link to the Internet. Today security is not defined by a good firewall, a file server structure and an antivirus subscription. Security vulnerabilities can arise from the most unsuspected device and/or sub-system connected to the organization’s network. This could be anything from an IP telephone set to an unpatched SQL server.
ASSURANCE IN AN INSECURE WORLD
If organizations must accept that they are never totally IT stable / secure — that it is inevitable a downtime will occur or an attacker will break into the systems — can there ever be assurance? Yes, there can be, in a sense. Organizations still must be prepared for downtimes/attacks. They must build networks and systems that aren’t fragile. Fragile systems are those that collapse when a single system and/or security weakness is propagated. Below are a few suggestions for dealing with IT / security risks in an increasingly insecure world:
• Assign an actual value to IT / security risks. This will enable organizations to tell whether they are investing rationally to minimize risks.
• Think about how the organization allocates risk. Identify the single points of failure and those that could cause catastrophic losses.
• Don't be overconfident in IT platforms / security defences. Don't assume systems are stable / secure. Encourage people to look for flaws.
• Make realistic assumptions. Organizations can’t prevent all downtimes and/or security problems. Future problems may be different than past problems.
• Minimize complexity. Isolate critical components from the rest of the network and separate high-risk data from potential threats. Avoid adding complicated software and/or system features, and do not rely on a single line of defence.
• Invest more in evaluation than design when examining IT systems. Evaluations will point out where systems are not stable and/or secure. A hacker will invest 8/10 of his time in evaluating the system and 2/10 to attack.
• Be sceptical. Assume products and services are vulnerable. Do not rely on default and/or expected deployments.
• Plan for trouble. Focus on how the organization will react if a security breach or downtime occurs. Set up audit records and put countermeasures in place. Perform downtime / penetration tests.
• Use both internal and external expertise. Organizations that rely solely on their in-house staff generally fail because they cut themselves off from ideas from outside sources. A balance of in-house and outsourced expertise is normally the best approach.
2. THE AUDIT PROCESS
An IT audit using policy-management involves four steps:
• Choosing or setting up a policy. Many industry-standard and in-house developed methods/tools will be used to help the organization develop/put forward a policy.
• Identifying the systems to be audited. A very important phase that will provide raw but valuable data to the IT process as security administrators and auditors will be determining which policy applies to which system/s.
• Scheduling or activating a scan. During this scan, software and other tools will gather data from each machine over the network. Scans can be performed interactively or scheduled to run at a particular time.
• Presenting the report. Auditors are responsible for reporting the findings and presenting the results to the management.
3. IT ASPECTS / POTENTIAL HAZARDS / IT SECURITY POLICY / SYSTEMS TO BE AUDITED
In order for a security administrator to consider the computer environment as a whole and to implement adequate procedures to safeguard this environment, formal IT policies and procedures provide an official standard against which to measure compliance. With a documented and communicated IT Policy, users treat important security controls such as confidentiality and passwords with care. This serves to decrease the risk that an unauthorized person may gain access to the system, in which case sensitive information may be used for unauthorized purposes, or the integrity of important data may be compromised.
• Formal IT / Security Policy in place
At the beginning of this review, we will attempt to ensure that all of the relevant issues and business practices for live networked systems are covered, with details about issues such as:
• Number of users.
• Required transaction types and volumes.
• Minimum acceptable response times.
• Maximum acceptable failure rate.
• Overall availability required.
• System and user support needed.
• Access control over users and privacy controls.
• Logging of activities and system accountability.
• Data encryption.
To develop a security-clear IT infrastructure, ALL network devices (physical and logical) have to be closely examined with a variety of assessment tools (interviews; network scanning; penetration tests) to include the following aspects at minimum:
• Servers
o Active Directory;
o Operating Systems;
o High Availability Systems;
o Supporting Sub-systems (backup; antivirus; monitoring etc);
o Databases;
o Applications;
• Workstations
o Operating System;
o Sub-systems;
o Applications;
• User Management / Access Control Rights (Physical – Logical)
o Domain
o Applications
o VPN
o Quota
• Password Management
o Active Directory
o Applications
o Interfaces
o Firewalls
o Routers
o Network Devices
o Remote Control Systems
• Web and Email Management
o Access to unauthorized/unsolicited content
o Whitelists
o Anti-Spam; Anti-Malware
• Firewall devices
o System Design;
o Rule Base Implementation;
o Subscriptions;
o Threat-shield;
• Intrusion Prevention/Suppression Systems (Physical – Logical)
o System Design;
o Security Sensors;
o Subscriptions;
o Line/s of Defence;
o Penetration Tests;
• Router devices
o System Design;
o Backups;
o SLA;
• Backup
o System;
o Methodology;
o Tape Management;
• WiFi Devices
o System Design;
o Encryption method/s;
o Availability;
o Exposure
• Web Online Access
o Identify relevant Applications (eg Email; Online reservations etc)
o System Design;
o Encryption method/s;
o Availability;
o Exposure - Risks;
• VPN Users
o Encryption method/s
o Accessibility;
o Availability;
o Exposure - Risks;
• VPN Offices
o Encryption method;
o IT Deployment and controls in place
o Accessibility
• Remote Control/Monitoring/Management Systems
o (LogmeIn - TeamViewer – VNC – PCAW – GoToMyPC – NetOp – DameWare – Remote Desktop; SNMP; Network Monitoring/Management Tools)
• USB & other Mass Storage Removable Devices
o Willing or unwilling exposure of sensitive info and/or backdoor introduction of security threats
• Change Control / Management
o Active Directory
o Applications
o Databases
o Interfaces
o Firewalls
o Routers
o Network Devices
o File Systems
o Providers (eg ISP; SLA;)
• Systems Patch Management
o Active Directory
o Applications
o Databases
o Interfaces
o Firewalls
o Routers
o Network Devices
o VoIP Systems
• Physical Security and Access Control
o Network equipment and patch panel exposure in user-accessed spaces
o Computer room/s Access control and Log File
o Ventilation in place
o System monitoring in place (humidity / airflow / water / smoke / sound / remote surveillance)
o Fire prevention and suppression system
o Ensure the integrity, labelling and documentation of the cabling infrastructure;
o Intrusion Prevention/Suppression Systems
o Remote Access Control means
• Logical Security and Access Control
o Network management (monitoring utilities re overall performance of the LAN, WAN, and WLAN)
o Open Manage means
o Control of users' rights, passwords, and group policies (AD; Applications; VPN; File System)
o Control of AD Global policies
o Check the status of security providers (i.e. Active Directory; Firewall; Routers; Gateways; WiFi; Surfcontrol; ISP; Database; etc.)
o Perform a change control process (for any upgrades, updates, and changes)
o Antivirus (engine is running on every machine and it is updated – daily scan)
o Check Remote Users logs
o Server Event Log examination
o Intrusion Prevention/Suppression Systems
o Database monitor
o Disk status and space monitor
o Software Licensing
• UPS and Backup Generator
o Monitoring and Testing
o UPS Auto shutdown
o Balance of UPS lines
• Personnel
o Role and computing work allocation – profiles; policies
o User Training (OS, Office, Application specific, policies)
• Licensing & Subscription/s
o Systems', Servers', and workstations' software installed is licensed and SLA covered.
• VOIP Servers / Sets
o Systems', Servers', and set software installed is patched and SLA covered.
• Disaster Recovery – Contingency Plan
• High Availability
o Critical Systems identification
o Continuity of IT operations
• Network Printer Servers
o Firmware upgrades
DyktioSysIT's proposals aim mainly towards the improvement of the throughput, security, functionality and robustness of a company’s current IT System Security infrastructure.
MAINSTREAM
Furthermore, DyktioSysIT, as a Dell partner in Cyprus, supplies and supports the complete range of Dell’s solutions, including:
• Servers, Storage & Networking (workgroup, departmental, enterprise)
o Rack Servers
o Tower Servers
o Blade Server Solutions
o Shared Infrastructure.
• Storage (workgroup, departmental, enterprise)
o Dell Compellent
o Dell EqualLogic Networked Storage
o Dell PowerVault Direct Attached Storage
o Dell PowerVault Data Protection
• Networking (workgroup, departmental, enterprise)
• Laptops, Tablets & Mobile Workstations
• Desktops, Workstations & Thin Clients
• Monitors
DyktioSysIT is also the local partner of MobileIron Inc., and through this the BYOD concept is addressed both securely and coherently.
• Mobile Device Management
• Mobile Application Management
• Mobile Content Management
• BYOD
• BES Replacement
• Mobile Security
• Android for Business
• Scalable App Delivery
• Multi-OS Management
Agreements with local and international vendors enable DyktioSysIT to supply and support software, security and communication products, from leading international vendors, such as operating systems, firewalls, VoIP, switches, routers, and any other communications equipment necessary in today’s highly networked business environment. All our hardware and software offerings are coupled with our superior service and support offered by a number of highly qualified and specialized system engineers.
DyktioSysIT’s service and support offering includes:
• Systems Integration
• Installation and Configuration
• Training
• Support and Maintenance
DyktioSysIT’s service and support offering includes:
• Systems Evaluation and Integration Consultations in relation to:
o Servers (Operating System / Hardware, Resiliency),
o Backup system and methodology,
o Antivirus system, upgrades/updates,
o Security (computer room, UPS, systems and data),
o Internet (Firewall, access means, ISP, Services (browsing, e-mail), domain, monitoring),
o Network Backbone and cabling infrastructure,
o Workstations (Operating System / Hardware),
o Personnel roles, training and responsibilities,
o Licensing (Servers, Workstations, Antivirus, Utilities),
o Disaster Recovery Plan – Contingency Plan,
• Installation and Configuration
• Support and Maintenance
On behalf of DyktioSysIT Ltd, we would like to thank you for the opportunity to provide for your IT needs. We trust that you will find our proposals satisfactory and look forward to the pleasure of implementing the agreed scope of work. If you have any questions or need additional information, please feel free to contact us by telephone on 25870496 or via e-mail at [email protected]
We shall be delighted to offer you our assistance!