Security has become one of the most critical areas of IT world. However, it is often not quite well understood that security breaches are not caused by technical details or specific technical exposures; but rather by the style of work and internal processes of a company . INFRASEC, whose mission is to fill this gap which is widely present, provides support in the areas below, with its deep expertise in IT security
- Creating Security Policies, Standarts, and Procedures for companies; reviewing and improving the existing ones.
- Security analysis of all IT processes (application development, systems operations, DB administration, batch operations, incident and problem management, outsourcing..etc) and designing new and secure processes.
- Building, or re-designing IT Security Department, with well-defined roles and procedures.
- Establishing an efficient security analysis and reporting mechanism
- Preparing companies for ISO 27001 certification
- Analysis and support in cybersecurity
- Technical support in Mainframe Security
In Halkbank, one of the biggest public banks in Turkey, implementation of CA-Cleanup product, to discover and clean the useless (orphan) records in the Mainframe RACF security database, which were causing a security exposure and a performance overhead (2008 – 2 months)
Project conducted in Havelsan, one of the biggest integrators in the civil and military public sector, to obtain ISO 27001 IT Security Certification:
- Review and re-design of all IT processes from a security standpoint
- Definition of IT security flows and procedures
- Design and implementation of an IT Security Department with well- defined roles, functionality and necessary related tools
- Preparation of a medium and long range IT Security Work Plan and starting to execute it.
- Applying for ISO 27001, and obtaining the certificate (2011 – 2012)
In the context of a 2-year IT Management Consultancy:
- Preparing the holding’s Security Policy, Procedures and Standards
- Solving the security exposures by providing and implementing the right tools, in the areas below:
- URL filtering
- DLP (Data Leakage Protection)
- SSL VPN
- Identity Management (2009 – 2010)