
LIBRARY

ISO 27001

What is ISO 27001 Information Security Management System?

ISO 27001 is a systematic approach that aims to establish, standardize and certify the "Information Security Management System (ISMS)" to protect the private, sensitive and essential information of companies. The ISMS is based on the classification and sensitivity of the assets and information within the company. Assets are: physical assets, real and legal persons (employees, customers, suppliers, company image), software, information and services received. With this classification, the ISMS covers employees, all kinds of critical information assets for the company, all kinds of important and confidential documents in written or electronic media, business processes, business continuity and the company's information technologies.

Briefly, its history is as follows: the ISMS methodology, first published by the British Standards Institute (BSI) as BS7799-2, was later accepted by ISO (International Organization for Standardization) and published as ISO/IEC 27001:2005. In addition, BS 7799-1, another standard published by BSI, explains in detail the controls to be used in ensuring information security. This publication was also accepted by ISO and published as ISO/IEC 27002:2005.

Since 2013, the ISO/IEC 27001:2013 version has been used and certified.

What does ISO 27001 Information Security Management System Bring to Your Organization?

Today, without an effective "Information Security" infrastructure, no institution or organization can protect its image, the trust it enjoys in the market, and therefore its existence for long. By means of an ISMS, you guarantee the trust of the relevant parties, especially your customers and important suppliers, regarding information security. Most importantly, you document that you see "Information Security" as an important part of your business processes and have put it into practice. You look after your "Information Security System" and keep it alive in your company at every level and in your business processes.

In this context, the benefits of the ISMS can be summarized as follows:

★ It becomes clear which information assets in your company are valuable, and each employee begins to protect them at the highest level.

★ Actions to be taken to protect these information assets, whether in written form or in electronic form, are determined. Necessary measures are taken at the highest level.

★ Keeping critical information confidential and protected puts you, your employees, customers and suppliers at ease. It improves your cooperation, synergy and therefore increases your productivity.

★ Scenarios and graded sanctions are determined, shared and implemented for information security violations that people may cause, whether consciously or unconsciously.

★ Your institution's critical information assets are evaluated separately in terms of confidentiality, integrity and accessibility under identified threats and necessary measures are taken.

★ All actions related to the processes, information integrity and business continuity in your organization are audited. Disaster scenarios are prepared and exercises are carried out. Within the scope of these scenarios, business continuity is audited. What needs to be done and the deficiencies are determined. These are completed and improvement is achieved.

★ Your company's credibility and value in the market increases.

★ Thanks to this system, your information is secured. No detail is left to chance or put at risk, so all kinds of disaster scenarios are prepared.

★ With the “Authorized Economic Operator Application” published by the TR Ministry of Customs and Trade, you will be ready for the applications that enable your company to carry out your customs transactions easily. The Ministry of Customs and Trade has determined ISO 27001 as a prerequisite for the "Authorized Economic Operator Practice".

★ You will be one step ahead of other companies in public institutions or private sector tenders. Today, having the ISO 27001 standard is sought as an important prerequisite for important tenders in many business lines that concern the "Information Security" infrastructure.

ITIL® is a registered trademark of AXELOS Limited, used under permission of AXELOS Limited.
The Swirl logo™ is a trademark of AXELOS Limited, used under permission of AXELOS Limited. All rights reserved.

PENETRATION

What is Penetration Testing?

Penetration testing is the attempt to infiltrate all the network infrastructure, servers, hardware, software and applications that make up your company's Information Technology systems, and the reporting of all these activities. The aim is to report and remediate security vulnerabilities that companies are not aware of.

What are the Benefits of Having a Penetration Test for your Institution?

Penetration tests performed by competent experts are very useful for companies. First of all, companies become aware of their shortcomings and begin to take effective measures against all kinds of internal and external dangers.

Briefly, the benefits are:

★ Information security awareness in your company increases. Along with top and middle management, your employees become more security-conscious.

★ You know the gaps in your IT infrastructure (all hardware and software), and you can take the necessary precautions without wasting time and without encountering a threat.

★ You will be more ready and safe against internal and external attacks on your information systems.

★ You can better manage your risks. You can foresee risks such as your systems stopping or slowing down due to resource shortages and take the necessary precautions in advance.

★ You secure your business continuity.

★ You can provide an Information Technologies infrastructure that is more resistant to possible attacks.

★ You ensure that the prestige and brand value of your institution are protected.


DDOS

What is the Purpose of DDoS Attacks? Why is it done?

★ DDoS attacks are not intended to infiltrate systems! Their purpose is to disable the systems and the means of access to them.
★ To ensure that web sites, e-mail services, banking systems, telephone systems, etc. do not work.
★ A determined person or group that cannot find a security vulnerability in the systems may do it simply to cause harm.
★ Someone who doesn't like your company can do it.
★ It can be done for political reasons.
★ It can be done for commercial reasons.
★ It can be done out of boredom, to show off, or as a bet.

Misconceptions about DoS/DDoS

★ Our Firewall alone blocks DDoS
★ Our IPS alone blocks DDoS
★ Linux is more resistant to DDoS
★ We also have a DDoS blocking product, we are protected! Is it configured? Has it been tested?
★ Hardware-based firewalls block DDoS.
★ We have antivirus software
★ DOS/DDOS cannot be blocked anyway

What are the Benefits of Having a DDOS Test for Your Institution?

Penetration and DDoS tests performed by competent experts are very useful for companies. First of all, companies become aware of their shortcomings and begin to take effective measures against all kinds of dangers.

Briefly, the benefits are:

★ All services running on the system (DNS, HTML, HTTP, HTTPS, etc.) are tested with DoS attack types using protocols and parameters that can be exploited; you see your vulnerabilities and TAKE PRECAUTIONS!

★ You see the configuration deficiencies or errors that allow DoS attacks on your hardware, servers or systems, and YOU TAKE PRECAUTIONS!

★ You detect the errors or deficiencies of your web-based software, applications and databases, and TAKE PRECAUTIONS!

★ You know the gaps in your IT infrastructure (all hardware and software), and you can take the necessary precautions without wasting time and without encountering a threat.

★ You will be more ready and secure against attacks on your information systems.

★ You can better manage your risks. You can foresee risks such as your systems stopping or slowing down due to resource shortages and take the necessary precautions in advance.

★ You secure your business continuity.

★ You can provide an Information Technologies infrastructure that is more resistant to possible attacks.

★ You ensure that the prestige and brand value of your institution are protected.


COBIT

What is COBIT?

COBIT (Control Objectives for Information and Related Technology) is a framework that encompasses all IT functions and applications. It can be compared to an umbrella: when you evaluate the 34 processes in COBIT together, you cover every aspect of IT management. Therefore, unlike other standards, it would be more accurate to say that COBIT focuses on IT management (IT Governance), not on single IT processes or groups of them. COBIT is based on control, not process. It is about what companies should do, but not how they should do it.

In short, COBIT is an IT governance methodology (IT Governance) that monitors, measures, audits and improves the compliance of business objectives with information and related technologies (Business-IT Alignment), results, effectiveness, integrity, efficiency, reliability, confidentiality, etc.

The History of COBIT

COBIT was first published by the Information Systems Audit and Control Foundation (ISACF) in 1996. Its principal publisher today is the IT Governance Institute, which was founded in 1998 by ISACA (Information Systems Audit and Control Association).

COBIT is shaped by ISO technical standards, management laws published by ISACA and the EU, and professional internal control and audit standards published by COSO, AICPA and GAO. These resources define COBIT in a way that keeps it independent of the information technology adopted by the organization, while at the same time ensuring that it is practical and ready to respond to the needs of the business.

COBIT draws on source documents from COSO and SAC. COBIT takes the definition of control from COSO and the definition of information technology control objectives from SAC.

★ In 1996, the first edition of COBIT was published.
★ In 1998, management guidelines were added in the second edition.
★ In 2000, the third edition was published.
★ In 2003, the COBIT online version became available.
★ In December 2005, the fourth edition was published.
★ In May 2007, the current version 4.1 was released.

In Which Institutions Can COBIT Be Applied?

Thanks to COBIT's audit, management-by-objectives, control and governance approach, this control model gives very good results, especially in sectors such as finance, telecom and banking, and in large IT companies.

COBIT, with its current 34 processes, does not fit every institution. Because all processes must be taken into account, it delivers efficiency and productivity when used in large and mature organizations. A QuickStart version is also available, which makes it possible to apply COBIT to SMEs. Alternatively, only the necessary parts of COBIT can be taken and applied. However, these methods are not particularly recommended.

What Does COBIT Bring to Your Organization?

COBIT is used as an audit tool because it contains good practices that can be compared. It also facilitates the determination of the scope of the audit by listing the IT processes. With these features, it ensures that the scope and compliance criteria of audits conducted by more than one auditor in different companies can be evaluated in the same way.

Briefly, the benefits are:

★ IT ceases to be a support function and becomes one of the main functions.

★ You can integrate business objectives with IT objectives.

★ You will be ready for standards such as ITIL®, ISO 20000, Information Security, ISO 27001.

★ IT processes and targets can be controlled and audited continuously with determined control points.

★ Because you use IT functions much more effectively, you will have business processes that are:
* Effective,
* Efficient,
* Protective of confidential information,
* Of sound integrity,
* Accessible and usable at any time,
* Compliant, and
* Reliable.



ITIL®

What is ITIL®?

ITIL® (Information Technology Infrastructure Library) is a library created by bringing together the best IT practices and experience. In short, it is the "Information Technologies Infrastructure Library" that explains how to best manage IT services.

History of ITIL®

ITIL® was originally developed by the UK Department of Commerce in 1987. It emerged from the desire to create a guideline that would prevent differing perceptions of IT management in the UK, especially in public institutions. It is even said to have been directly requested by Margaret Thatcher. Accordingly, ITIL® V1 was developed. ITIL® V2 was created in the 2000s. ITIL®, which had been published piecemeal until then, was transformed in the early 2000s into a library of 8 books.

In 2005, the ISO 20000 IT Management System was developed by ISO (International Organization for Standardization). ISO 20000 placed ITIL® V2, a process-based body of work, on a management-system footing.

The life cycle and continuous improvement perspective formed the basis of ITIL® V3, which was released in 2007. With ITIL® V3, the life cycle structure was adopted. The life cycle in question is “Plan, Do, Check and Act”, also known as the Deming Cycle. This cycle covers all processes from the planning stage to the termination stage of IT services. The last version was published in 2011. As of 2011, the version numbers have been removed and it is simply referred to as ITIL®.

What are the Benefits of Implementing ITIL® in Your Organization?

Thanks to its process approach, it ensures successful communication between the customer, the supplier, the IT users and the IT department. ITIL®, which is built on best practices and experience, is widely used in the world and adopted as an accepted standard. No longer merely a series of books giving advice on IT service management, ITIL® has found application and acceptance all over the world with its best practices.

The ITIL® methodology can be applied to all companies, whether small or large. In companies whose main job is not IT, the only way to stop IT from being a money-wasting department is to make the services received from IT measurable and to speak the same language as the processes, management and the business side.

Briefly, the benefits are:

★ You get higher quality IT Service in your institution.

★ More efficient use of IT resources is ensured. The need for new purchases decreases.

★ IT costs are significantly reduced.

★ Accessibility to IT services and employees increases dramatically.

★ The availability of IT services and the productivity of its employees become measurable.

★ Incorporation/preparation time of new projects, new software or hardware under the responsibility of IT into business processes is significantly reduced. Speed and quality increase.

★ The productivity of IT employees increases, the need for new workforce decreases.


IT CHECK UP

What is IT Check-Up?

IT Check-Up is a service in which expert consultants, who have served as senior managers in the field of IT for years and know the best IT practices and infrastructures, inspect your company's IT infrastructure and determine the points that need to be improved, corrected or completely changed.

In short, it is our service, whose patent belongs to us, that takes an X-ray of the current state of your company's IT services and shows in practical terms how they can be at their best.

What are the Benefits of Having IT Check-Up?

IT Check-Up can be applied to all companies, whether small or large. In companies whose main job is not IT, the only way to stop IT from being a money-wasting department is to measure the services received from IT, to manage IT with processes, and to speak the same language as the business side.

Briefly, the benefits are:

★ You can see the current status of your IT Services very clearly. You can detect glitches.

★ You can integrate business objectives with IT objectives.

★ Your IT department's awareness of the importance, necessity and continuity of the services they provide increases.

★ You will receive higher quality IT Service in your institution.

★ You enable more efficient use of IT resources. New procurement needs are reduced and IT costs are significantly reduced.

★ Accessibility to IT services and employees increases significantly.

★ The availability of IT services and the productivity of its employees become measurable.

★ Incorporation/preparation time of new projects, new software or hardware under IT responsibility into business processes is significantly reduced. Speed and quality increase.

★ The productivity of IT employees increases, the need for new workforce decreases.

★ You can better manage all kinds of internal and external risks such as fire, earthquake, system failure, loss of information, information leakage, etc. In such a case, your critical business processes and functions work perfectly.


ISO 20000

What is ISO 20000 Information Technologies Service Management System?

ISO 20000 is a systematic approach that defines, standardizes and certifies the services provided in the Information Technology departments of companies. It is based on ITIL®. ISO 20000 placed ITIL® V2, a process-based body of work, on a management-system footing. In 2005, the ISO 20000 IT Management System was developed by ISO (International Organization for Standardization).

History of ISO 20000

The ISO 20000 Information Technology Services Management System was published by ISO (International Organization for Standardization) in December 2005 as an international standard consisting of 2 parts, based on BS15000.

★ ISO / IEC 20000-1 is the original standard. Systems established according to this standard can apply for certification for ISO 20000.
★ The ISO / IEC 20000-2 standard consists of the explanations of the 1st part and the best practice recommendations.

The current version of the ISO / IEC 20000-1 standard was published in 2011 and the general name of the standard is ISO 20000-1:2011. In February 2012, ISO 20000-2:2012 (Remarks and best practices) was published.

These versions are still being used and certified.

What does ISO 20000 Information Technologies Service Management System Certificate Do for Your Institution?

ITIL® is a globally accepted methodology that defines Information Technology Services, ensures effective and efficient management of these services, and ensures that IT services are more seamless, accessible and continuous. In fact, ISO 20000 was based on this methodology and made it an internationally accepted certificate.

To summarize the benefits of obtaining ISO 20000 certification;

★ You get higher quality IT Service in your institution.

★ More efficient use of IT resources is ensured. The need for new purchases decreases.

★ IT costs are significantly reduced.

★ Accessibility to IT services and employees increases dramatically.

★ The availability of IT services and the productivity of its employees become measurable.

★ Incorporation/preparation time of new projects, new software or hardware under the responsibility of IT into business processes is significantly reduced. Speed and quality increase.

★ IT staff productivity increases and the need for new workforce decreases.

★ Repeated handling of jobs/problems is avoided. Unnecessary work is eliminated.

★ You will be one step ahead of other companies in public institutions or private sector tenders. Today, having the ISO 20000 standard is sought as an important prerequisite for important tenders in many business lines concerning the "Information Technology Services" infrastructure.


ISO 22301

What is ISO 22301 Business Continuity Management System?

ISO 22301 is a systematic approach that standardizes and certifies the "Corporate Business Continuity" infrastructure. It defines the business processes of companies, determines the critical processes, addresses all kinds of internal and external factors that may affect business continuity, such as fire, earthquake, malfunction in systems, information loss, information leakage, etc., and carries out "Risk Management" by taking these factors into account.

History of ISO 22301

The foundation of the standards related to business continuity can be said to have been laid with the PAS (Publicly Available Specification) rules published by BSI (British Standards Institution) in 2003. Later, this guide was withdrawn and an official standard, “BS 25999-1:2006 Business Continuity Management: Code of Practice”, was published in 2006. These rules were established to govern the management of the various procedures, conditions and policies of business continuity management. The second important standard regarding the business continuity management system was published in November 2007. This publication, called “BS 25999-2:2007 Business Continuity Management-Requirements”, specifies the essential requirements for business continuity management. This British standard was accepted as an international standard by 156 countries with the changes made as of 15 May 2012 and was published as an ISO (International Organization for Standardization) standard with the name "ISO 22301:2012 Societal Security - Business Continuity Management Systems - Requirements".

This version is still being used and certified.

What does ISO 22301 Business Continuity Management System Bring to Your Organization?

“Business Continuity” is an indispensable concept, especially for companies in sectors such as IT, Telecommunication, Banking and Finance, which carry out almost all their business in an electronic environment. For this, investments are made at very high cost. However, most of the time these investments fail to see the whole picture and only address the current need. ISO 22301 will address all your business processes, identify the critical ones among them, classify them with risk management, and give you a holistic view.

To summarize the benefits of obtaining ISO 22301 certification;

★ Awareness of critical business processes in your organization increases.

★ Any possible or existing threat is determined. Its effects are determined and threats are prevented to the maximum extent.

★ The possible effects of interruptions in systems or processes are minimized.

★ It guarantees the correct operation of critical business processes or functions in the face of all kinds of internal and external factors or disaster situations, such as fire, earthquake, failure in systems, loss of information, information leakage, etc.

★ You guarantee the trust of your company's stakeholders, your employees, especially your customers, on "Business Continuity".

★ Accessibility to IT services and employees is greatly increased.

★ The availability of IT services increases.

★ More efficient use of IT and Human resources is ensured. The need for new equipment and personnel is reduced.

★ IT investment costs are significantly reduced.

★ Your company's credibility and value in the market increases.

★ You will be one step ahead of other companies in public institutions or private sector tenders. Today, having the ISO 22301 standard is sought as an important prerequisite for important tenders in many business lines concerning "Information Technology Services" and "Business Continuity" infrastructures.

★ If you are a Service Provider IT company, you will be one step ahead of your competitors.
