Security Audit and Development of Security Policies of the Charity Fund

In 2009 GlobalTrust completed a project to examine the information systems and assess the information risks of a charity fund that is one of the largest operators of personal data in Russia. Based on the examination, a risk treatment plan was developed. It covered elimination of the organizational and technical vulnerabilities detected at the Fund and compliance with the requirements of the applicable legislation and regulatory framework, including Federal Law No. 152-FZ on personal data. In line with the risk treatment plan, a set of organizational and administrative documents governing the most important aspects of the Fund's information security was prepared.

In the course of this project GlobalTrust specialists performed the following work:

  • Identification of information assets and of the legal and business requirements for information security
  • Determination of the value of the identified assets, taking into account the identified legal and business requirements for information security and the consequences of a breach of the confidentiality, integrity and availability of information
  • Identification of information security threats
  • Assessment of efficiency, reliability and completeness of the existing information security controls
  • Identification of organizational vulnerabilities of information security
  • Scanning of the external perimeter of the corporate network, identification and analysis of vulnerabilities
  • Scanning and analysis of internal IT infrastructure security
  • Analysis of security of the main business applications
  • Assessment of the probability of threats and the magnitude of vulnerabilities
  • Risk calculation and ranking
  • Preparation of solution options and recommendations on risk treatment
  • Definition of the structure of the documents to be developed and the requirements for them
  • Development of a set of organizational and administrative documents on information security

The results of this work allowed the Customer to increase the security of its information systems and ensure the security of personal data by implementing an economically feasible system of protective measures, adequate to the existing risks and to the requirements of the current information security legislation.