In the area of security, RECRO offers consulting services and technological solutions for the protection of User network infrastructure, i.e. for the resolution of specific security issues. The User network infrastructure and its protection are primarily based on the Cisco Systems products (a company that recognized us as its Gold Partner). RECRO is also a holder of the Advanced Security Specialization.
Our portfolio of security solutions also offers the solutions of our OpenTrust Partner for the construction of the public key infrastructure (PKI). For network security control, real time log analysis and early security alerts RECRO uses the solutions of its TriGeo Partner, whereas to provide maximum network protection against Internet threats RECRO uses Arbor Networks solutions.
In addition to technological solutions, we also offer security consulting services, which include the following:
- Security risk assessment
- Security policy development and review,
- Assistance in compliance with ISO27001 standard,
- Analysis of device configuration, system design and penetration tests.
As a result of our consulting services, the Customer obtains a report with recommendations how to eliminate any potential weaknesses and implement corresponding solutions.
Due to a team of certified experts working for and cooperating with RECRO, we can timely eliminate any potential weaknesses and offer our custom-made solutions.
In important applications (e.g. an access to financial or personal data), the User needs to establish a rigorous control over the identity of persons accessing these applications. It commonly implies a User Name (the User identifies him/herself as a person X) and a Password (I am really a person X because I know the password). This control system is simple and apparently very cost-effective.
IT System Security Audit
IT systems are fairly complex, composed of a few interconnected units commonly maintained by different in-house people or departments, but very frequently there are external companies hired to maintain some parts of the system, like the network and applications. The staff then spend more office hours on system maintenance and troubleshooting and less on the introduction of new functions.
Security Testing (PENETRATION TEST)
The IT systems are fairly complex, composed of a large number of interconnected and dependent segments, and IT technology and Customer requirements change frequently and rapidly. Concurrently, implementation deadlines are increasingly reduced, and consequently, IT systems become vulnerable to malevolent attacks.
Business Continuity Management (BCM)
Security incidents are constantly increasing, whether in the context of global climate changes, progressively frequent large scale disasters, or political and economic turbulences resulting in catastrophic damages due to terrorist activities. In addition to the above mentioned hardly foreseeable threats, the organizational and technical infrastructure is subject to design and implementation weaknesses and vulnerability, which can be used to inflict damage.
Information security management during the information lifecycle inside the organizational information system is a complex and demanding process, almost entirely dependent on specific guidelines provided by renowned professional organizations and legislative regulations. The Croatian standard for information security management systems, HRN ISO/IEC 27001:2006, is a replica of the international standard under the same name, which in fact includes a set of rules to provide organizations with information security guidelines.
Information System Risk Assessment
The area of information security in its essence is a response to business instability triggered by a number of internal and external factors. Inherent vulnerability of information resources, systems and processes represents a constant organizational threat as these weaknesses can be used in different threats, which could result in profitability disturbance, loss of reputation, etc.