Offer

Technical and Organizational Analysis

Date: 17.11.2021

Prepared by: Georgi Lazarov

Director Business Development

+359 896 82 22 82

[email protected]

Dear Mrs Stankina,

Thank you for the opportunity to present our offer for technical and organizational analysis and the development of a detailed report in order to determine the current state of all security systems processes currently operating in Sunotec Group.

The analysis aims to identify the security risks of the company’s IT systems. By using a holistic approach to defining the security strategy by covering human resources, business processes and technologies. This information can help provide additional resources and methods to increase the security of Sunotec Group’s IT systems.

The conclusions give a snapshot of the overall picture of Sunotec Group’s IT security.

Detailed analysis by areas:

L

Infrastructure - Includes analysis of data storage and communications, management and monitoring, authentication and perimeter protection;

L

Human Resources - IT Security Requirements and Assessments, Human Resources Research and Policy, Third Party Relations.

L

Operations - IT Security, security policy, patch and updates, data backup and recovery, good practices;

L

Applications;

An analysis will also be made of:

Information flows

Input and output vectors will be determined, according to which the information enters and leaves the organization. Recommendations for protection and optimization will be prepared.

Data location

The systems in the organization that contain or may contain data on their media will be identified. Determining used databases.

Access Rights

Evaluation of systems and applications user groups, access roles. We’ll review employee access cases in
the following processes:
➢ Joiner process
➢ Leaver process
➢ Mover process (relocating within the organization)

We’ll provide recommendations for the optimization of roles and rights to information, addressing increased systems protection by segmenting access levels and limiting privileges to the minimum necessary to perform job duties.

Monitoring 

We’ll verify procedures for documenting and monitoring access to information, and provide an evaluation of storage system meta information, terms and methods of protection and data backup history, resulting in recommendations for improvement.

Incident Prevention

We’ll assess possible security vulnerabilities in data processing and optimize the workflow, allowing the preventive identification and resolution of problems. This will minimize risk by increasing the security of the communication infrastructure, and by reducing the possibility of failures and breaches. We’ll develop a proposal for a complex technical solution to significantly increase organizational security, based on industry best practices.

Incident Response

Recommendations for increasing the effectiveness of emergency procedures (disaster recovery, data loss, or other failures due to an unscheduled event), damage assessment and perimeter restriction.

Part of our clients