According to Belarusian legislation, any information system that processes information whose distribution is limited or restricted (personal data, confidential information, bank secrecy, tax secrecy, etc.) should have a certified information security system.

Synesis Stratus is licensed by the Operations and Analysis Center under the President of the Republic of Belarus (OAC) for technical and cryptographic information protection. The company has a testing laboratory that provides design, creation and certification of information security systems for information systems of any class in accordance with OAC Order No. 62 and STB 34.101.30-2017.

Synesis Stratus testing laboratory specialists hold certificates of knowledge for most information security tools (WAF, DLP, SIEM, vulnerability scanners, etc.) and have the appropriate experience.
Service stages
Audit
Conducting an audit of the information system and developing a report that includes analysis of the documentation, the structure of the information system and its information flows, the information security management system, etc.
Information and information system classification
Classification of the processed information and classification of the information system as a model informatization object
Security Target
Development of the Security Target (or Technical Statement of Work) and evaluation assurance level documentation
Security Target evaluation
Policies
Development of the organizational security policy and other policies that regulate all information security business processes during operation of the information system
Test operation
Conducting a test operation of the information security system of the information system
Vulnerability scanning
Conducting vulnerability scanning with a final report
Security assessment
Conducting a penetration test involving offensive security professionals
Acceptance tests
Conducting acceptance tests with a final protocol
Commercial exploitation
Official acceptance of the information security system as commercially exploited
Certificate of conformity
Issuing the information security system's certificate of conformity to industrial standards
Methodology:

  • STB 34.101.1-2014 «Information technologies and security. Evaluation criteria for IT security»;
  • STB 34.101.2-2014 «Information technology and security. Evaluation criteria for IT security. Part 2. Security functional components»;
  • STB 34.101.3-2014 «Information technology and security. Evaluation criteria for IT security. Part 3. Security assurance components»;
  • STB 34.101.9-2004 «Information technologies. Requirements for protection of data from unauthorized access, defined in the technical task for the automated system design»;
  • STB 34.101.30-2017 «Information technology. Security techniques. Information systems. Classification»;
  • STB 34.101.59-2016 «Information technology and security. Security target. Methodical instructions for the development»;
  • STB 34.101.62-2013 «Information technology and security. Ensuring information security of banks of the Republic of Belarus. Guidelines for information security documentation in accordance with STB 34.101.41 requirements»;
  • STB ISO/IEC 27001-2016 «Information technology. Security techniques. Information security management systems. Requirements»;
  • STB ISO/IEC 27002-2012 «Information technology. Security techniques. Code of practice for information security management».