Just like every life cycle involves a planning phase similarly the Security Incident cycle also starts with a planning phase. The security arrangement is studied and plans are laid out to protect the IT infrastructure and data. Finding out threats and factors which cause vulnerability to the system is of prime importance. Penetration testing is carried out by forming red and blue teams. It is in the planning stage when an information security architecture is laid out, which is efficient, realistic and pertinent.
It is true that any business may face and will have to fight counter attacks by several unknown sources. In order to sustain in the long run, it is important to form defense strategies and strengthen the security architecture. Hence, security technologies are formed which consist of forming the right processes, to get rid of unwanted elements, implement safety filters to fight malware attacks, manage right of entry to data, protect web applications etc.. It is important to note that the term resist is used and not protect.
Business operates in a very volatile environment and it's not possible to resist all imposition attempts, therefore detection plays yet another important role. The company keeps an eagle eye at each and every level of IT infrastructure which includes network, application and data. Detection is of two types, namely extrusion and intrusion; both these types are used to gather logs and to perform change detection. Detection phase helps in collecting data, which is very important while studying the extent of mal-activities.
Once the violation has been found out, the next step is to hand over the issue to incident handlers which consists of manifold process such as to understanding the scope of the incident, getting to control the situation and most importantly getting rid of the attackers existence. This later leads to recovering from the attack. This phase acts as an input to the plan phase of the next activity.
Anything which is related to People, Technology, Physical, and Network infrastructures, our four key stages take care of them, especially the security.
- Our centres are taken care of by our security personnel 24 hours round the clock.
- All our employees/visitors are allowed to enter our premises using Biometric Fingerprint Access Control System.
- Our premises are guarded by supplementary access control devices and CCTV monitoring systems which makes sure, any illicit entry does not take place.
- We have specialized Fire preclusion and disaster evacuation plans and procedures to prevent loss due to damage and unforeseen events.
People and Culture
- Well trained staff members who comprehend clients' security needs.
- Lawfully binding privacy agreements for all team members.
- Only people who are directly involved in the project are provided with important information.
- It is made sure that SOS provides with tailor made training programs for clients who have some specific security protocols.
- In order to ensure that data is properly secured, Technology-driven detection systems are implemented.
- Staff is not allowed to carry external drives so as to prevent the theft of data.
- All workstations are implemented by Back-Up Drive Management and to avoid misuse minimum print permission is granted.
- All activities on the system as well as internet usages are monitored and audited.
- All PCs are equipped with network and window logins and PCs are secured by username and password. Also emails are secured with digital signatures.
- Desktop applications are fully secured and single sign in to the enterprise is made mandatory.
- 100% dismissal for business continuity:
- Optic Fiber cable is laid out and satellite communiqué is made operational so that less dependence on the internet.
- Power failure systems such as UPS and generators are brought into use in order to fight Power failure.
- In order to enhance privacy from peers, completely secured VPN Network is implemented.
- Security of data is of key importance, therefore effective amenities for administrative check, auditing and reporting is conducted.
- Latest anti-virus, software that detect and fight malware, anti-phishing programs, spam blockers, URL filters, and other standard protections are installed, so that workstations and networks do not get infected.