HOW WE CAN HELP

TRC offers complex services and solutions in the area of information security and related business consultancy.

The majority of our references come from the corporate sector.

INFORMATION SECURITY CONSULTANCY
INFORMATION SECURITY SYSTEM INTEGRATION
OPERATION AND OPERATIONAL SUPPORT
PROJECT MANAGEMENT AND QUALITY MANAGEMENT

CheckPoint

All products of the vendor (Next Generation Firewall, Sandblast, Application Control, URL filtering, IPS/IDS,

HTTPS inspection, Antibot, Antivirus, Identity Awareness, QoS, VPN, Mobile Access, etc.)

Cisco

Cisco ISE (Context-based identification and access control)

Switching, routing

Security

VMware

Airwatch mobile device management (Enterprise Mobility Management)

IBM

QRadar log management (SIEM)

MaaS 360 (Enterprise Mobility Management)

Qualys

QualysGuard (comprehensive vulnerability management)

Web Application Scanning

Policy Compliance

Threat Protection

Checkmarx

Source Code Analysis

PUBLIC ADMINISTRATION

Information security audits,

Risk management,

Vulnerability management, legal hack, source code analysis,

Enterprise Mobility Management (EMM),

Log management, SIEM,

Compliance management,

Quality assurance of IT developments.

INDUSTRY AND PUBLIC UTILITIES

Information security audits, risk management,

Business continuity management and disaster management (BCM),

Vulnerability management, legal hack, source code analysis,

Information security control systems (IBIR),

Boundary- and network protection,

Enterprise Mobility Management (EMM),

Log management, SIEM,

Project management,

Organisational and process development,

Compliance management,

Quality assurance of IT developments.

FINANCE AND INSURANCE

Information security audits, risk management,

Vulnerability management, legal hack, source code analysis,

Business continuity management and disaster management (BCM),

Boundary- and network protection,

Enterprise Mobility Management (EMM),

Log management, SIEM,

Compliance management.

Information security audits, compliance

Under this activity we verify compliance with valid information security requirements, (laws, standards, recommendations, etc.), create proposals for measures necessary to achieve compliance, and upon request also carry out preparations for compliance.

Information security risk analysis

With our information security risk analysis service we highlight the vulnerabilities of the information processing system (processes, people, technology, etc.) to various threats and the extent of business impact that would result from their exploitation, with the aim of developing protection proportionate to the risk.

Design of information security control systems (ISCS) and regulation of information security (ISR)

During the design of information security control systems (ISCS) and regulation of information security (ISR) we define criteria, processes, and responsibilities in order to ensure that the protection level of the information security system of a company can be developed continuously and/or maintained at the desired level.

Disaster recovery plan (DRP)

Within our crisis- and disaster management service we design and implement proactive and reactive protection systems (resources, capabilities, processes) in order to respond to disaster situations and subsequently recover resources within the optimal timeframe.

IBF, mentoring, education, raising awareness

In order for the introduced information security system (processes, technology, resources, etc.) to become efficient, their use must be combined with the daily work of suitably trained professionals. We gladly share our knowledge in the area of information security with our clients, through training sessions and awareness courses.

Design, implementation, and support of internal and external network protection solutions

Increasingly advanced solutions used by criminals on the Internet and growing threats make it necessary to employ modern, next generation firewall systems, innovative network security solutions (intrusion prevention-, content filtering-, data leak prevention-, and traffic control systems), as well as special expertise. Our world-class solutions and key partnerships guarantee a higher level of security.

Identification and access control at the network and logical levels

Beyond traditional identification procedures (username, password), secure access to network services and contents may require strengthened identification solutions (e.g. multi-factor authentication) or more complex identification and access control (NAC, Cisco ISE, etc.). Modern access control systems already take into account the increasing popularity of mobile devices (EMM systems) and the mobility needs of users (BYOD).

Technological audit and penetration test of information systems

Thanks to 10 years of experience in the area of the technological audit and penetration testing of information systems (ethical hacking) and our complex engineering approach we can discover the vulnerabilities of information systems and, after their proper assessment, develop an action plan proportionate to the risk, which we present to decision-makers.

Vulnerability management

Our vulnerability management service enables organisations to keep the state of their IT systems under continuous and automated control, while minimising security risks. For medium-sized and large IT systems risks can only be managed correctly by automated tools – casual and manual methods are inadequate.

Design, implementation, and support of EMM (Enterprise Mobility Management) systems

We assist our clients with Enterprise Mobility Management solutions so that – especially for a large number of mobile devices – devices can be installed, their secure use managed, and security and compliance requirements enforced in the most efficient manner possible.

Design, implementation, and support of SIEM systems

Logging provides information about the general state of IT elements and events important in terms of security. The centralised collection and analysis of log files enables the detection and investigation of complex security incidents and provides information for subsequent checks or legal proceedings. Our solutions include not only the implementation of the SIEM system and the activation of basic reports and alarms, but also the detection of incidents from events that require correlation, which other tools are incapable of.

Source code analysis

Business data is stored, managed, and transmitted by applications, but the inherent vulnerabilities of software products carry a business risk. Our Source Code Analysis (SCA) solution can assist the persons involved in the development (developers, programmers, quality assurance and test personnel, security auditors, etc.) in the detection and correction of security problems within the source code, also enabling the review of discovered errors after troubleshooting.

Operation and operational support services

We can undertake the operation and operational support of information security systems according to the ITIL methodology. For this purpose, we operate a 24/7 on-call expert service with the necessary specialist competences and infrastructural conditions (e.g. HelpDesk, standby devices, etc.).

Project management and quality management services

We can provide qualified (PMI) and experienced project managers for the management, quality assurance, and auditing of IT projects. Under our quality management services we ensure the satisfaction of our client regarding the end product of our supply partner in a measurable and reproducible fashion, taking into account international and national quality control standards and recommendations. Through the combined use of these two areas we can even relaunch or redesign projects that have come to a standstill.