COMPREHENSIVE AUDIT AND INFORMATION SECURITY STRATEGY DEVELOPMENT
GOALS AND OBJECTIVES
Global business digitalization.
Assessment and processing of information security risks associated with the implementation of an IT strategy for digitalizing business lines.
The first stage of the project involved an assessment of current levels of enterprise security. In order to achieve this aim, Jet Infosystems specialists conducted a comprehensive information security audit covering the central offices and production sites for four business lines. This audit involved the examination of 16 information systems and 4 automated process control systems (APCS). Based on audit results, Jet Infosystems specialists and experts from the agricultural holding worked together to design a 5-year strategy for information security development.
The ISO / IEC 27001: 2013 international standard was chosen as a process framework. For a more detailed study of architectural fluctuations, the Kill Chain concept – which describes universal scenarios for malicious activities – was also taken into account.
The long-term information security strategy which was developed also includes control mechanisms; the maturity level of information security processes is reviewed annually using GAP-analysis. Jet Infosystems Information Security Center experts ran the first of such analyses in time for year-end 2018.
This first audit became a starting point for further cooperation with this business leader on the Russian agricultural marketplace.
Number of information systems surveyed during the audit phase
Number of APCSs examined as part of the audit
Period for the long-term development plan
IS standard chosen as a process framework