February 27, 2006
Budapest - Awareness test, electronic safety deposit box and information top manager. Starting from July, KÜRT Rt. has extended its offerings by three new information security elements – two unique software products and a new service. Preparation against unexpected IT events (incidents) is aided by KÜRT’s Security Awareness Test (SAT) service. This is connected with KÜRT’s own developed software preventing internal data stealth, Data Defender, the „electronic safety deposit box”. The third new element is DocMan, which is also a result of KÜRT’s development and which enables structured management of mass information. The company expects extension of its portfolio to increase its income by 10%. The software will be marketed in Hungary, Germany and Austria, and German and English language versions have been prepared in addition to Hungarian.
“Testing SAT”
It is important to prepare for incidents that may compromise system operation security even in the case of reliable IT systems.
Information security professionals regard all IT operations deviating from normal as incidents, such as virus attacks or internal attempts to steal data. The number of such incidents may vary from several hundred to several thousand daily in the case of an average organisation. These incidents should be evaluated and action plans should be developed in cases implying greater risk than is acceptable. All this means a task difficult to solve and a major burden for companies.
The number of organisations where events are handled centrally, according to a strict policy fully complying with security requirements is minimal. It is more characteristic that they monitor indications from one subsystem and, unfortunately, that such indications are processed and reacted upon only accidentally. All this implies the risk that expensively implemented security systems only achieve their goals partially and part of the risks believed to have been prevented still exist.
„KÜRT’s assessments carried out up to now have established serious deficiencies since, in most cases, there was no reaction or counteraction whatsoever on behalf of security system operators even in the case of serious intrusion attempts. Using our new Security Awareness Test (SAT) service, companies can find out the threshold of their security systems, that is, what attack level or incident induces operators to react.” – says József Kmetty, KÜRT’s Chief Executive Officer.
As a first step of the new service, KÜRT’s experts test lines of protection according to a certain script – using various special procedures in the course of examinations. Prior to the test, this script is received by customers in a closed envelope so that test attempts may be identified later by comparing them to security system log files. Based on the results, KÜRT makes proposals to modify incident management, be it a separate regulation, training of those concerned or a technical solution. Once these modification are effected, it is recommended to carry out another test to assess changes. Improvement of the responsiveness of a security system, that is, increase of security level can be measured unambiguously using this method, that is, comparison of previous results and results of the summarising test.
„It is very easy to steal data. That is, it was. Until now!”
Kürt Rt. developed the electronic safety deposit box, that is, its proprietary software, DataDefender, in order to prevent internal data stealth, a security problem of organisations without a solution until now.
Stealth of data is one of the most important threats among risk factors of IT security. KÜRT’s experiences, based on information security projects and security statistics, show that the majority of attacks and stealth attempts begin within organisations.
Attacks coming from inside are enabled by various interfaces of computers, ranging from floppy/CD/DVD drives to infrared, Bluetooth and network adaptors to USB connectors. Modern high-speed ports are especially dangerous, as well as data storage devices that can be connected and that can hold a huge volume of data in a very small size. Anybody (even an offended or a profit-seeking colleague) can copy a vast volume of data to such devices from unattended computers and then leave the organisation’s site unnoticed.
It is characteristic of today’s IT systems that it is required to grant users full access rights for a certain set of corporate data as it is necessary for them to perform their work. Operating system access rights management enables unauthorised persons to copy information. KÜRT developed its latest security software product, DataDefender, that is, the electronic safety deposit box to avoid such cases.
Client/server-based, centrally administrable and manageable, DataDefender can be used to prevent unauthorised data access on any workstation. Featuring built-in intelligence, this software product monitors all data movement on all existing output interfaces of workstations. DataDefender administrators can use a central management console to set which users or groups are granted which rights (for example, they may stipulate that users may only read from, but not write onto, pendrives). Meanwhile, usability of computers are not affected, other devices (mice, printers, etc.) connected to connectors continue to be operable.
DocMan, the information top manager
„You threw out the document you need yesterday!”
KÜRT’s experiences from its more than 200 information management projects show that implementing regulations is a cumbersome process. Despite new rules, there are a lot of users who still do not know the system at an expected level nor comply with provisions related to them. To operate policies, it is indispensable to have an appropriate documentation background that should be updated on an ongoing basis according to changes in the policy system and at pre-defined update intervals.
KÜRT developed the DocMan document management software due to these experiences and market demand. The primary goal of DocMan is to seamlessly introduce and operate organisational operation policies. Thanks to its management functionality, document life cycles and work processes can be created as wished and various tasks, responsibilities and deadlines can be assigned to these. The well-thought concept and functionality of DocMan, along with its parameters offering almost unlimited flexibility and its workflow type operation enable any document management process to be developed. KÜRT’s software also automates document-related processes, thereby minimising the possibility of errors due to human factors. Thanks to these features and in addition to being one of the most sophisticated document management software products, DocMan can play a significant role in organisations’ security systems and contribute to the success of information security projects to a large extent.
DocMan has been applied to BS7799, ITIL and ISO systems up to now.
„We were looking for a solution that could help manage and maintain our security and quality assurance systems on the same platform. DocMan proved to be a perfect choice.” - Rudolf Mandeville, IT Manager of the State Public Road Technical Information Kht.
Print page
