Information and Communication Security Guide Compliance Service
Presidential Circular No. 2019/12 on Information and Communication Security Measures was published in the Official Gazette No. In line with the published Circular, the Information and Communication Security Guide was prepared with the participation of the stakeholders under the coordination of the Presidency DTO (Digital Transformation Office).
The main purpose of the guide is; It is the definition of activities to be carried out to reduce and eliminate information security risks and to determine minimum security measures and to implement the determined measures to ensure the security of critical information/data that may threaten national security or cause disruption of public order, especially when its confidentiality, integrity or accessibility is impaired.
The Information and Communication Security Guide offered by the National Keep is the first of the studies to be carried out on compliance with the said guide within the compliance consultancy;
- Determination of asset groups,
- Determining the criticality level of asset groups,
- Current situation and gap analysis,
- Preparation of the guide application roadmap,
consultancy services are provided.
The main headings of the asset group defined in the DTO Information and Communication Security Guide are listed below:
• Network and Systems
• Portable Devices and Media
• Internet of Things (IoT) Devices
• Physical Spaces
What are the Benefits of the Information and Communication Security Guide?
Encouraging the use of domestic and national products in public institutions and private sector organizations
Preventing unnecessary investments to be made in institutions and organizations that will be eligible in compliance with the information and communication security guide
Determining the levels of security measures and ensuring their segmentation. Three-level grading and applying minimum security measures to asset groups in line with their security rating
Compliance with the guide can be applied independently of the brand and product
Monitoring and measurement activities of details about the security measures to be taken can be provided.
Inspecting whether the measures to be taken are implemented or not
Increasing dominance of institutions and organizations over the infrastructure in their hands
As a result of the analysis of the used inventory, it can be designed in a way that will provide maximum benefit.
Grouping security measures and ensuring modularity of the guide
To be able to bring a standard to public institutions and organizations in terms of cyber security
Ensuring the sustainability of the guide by taking into account the needs, developing and changing conditions
Ensuring that the competence of the relevant personnel in public institutions and organizations is increased, if implemented.
The fact that the guide has benefited from many national/international standards established within the framework of information security
Actions Taken in Compliance with the Information and Communication Security Guidelines
1 - Current Situation and Gap Analysis
• Network and System Security
• Application and Data Security
• Portable Device and Media Security
• Security of Internet of Things (IoT) Devices
• Personnel Security
• Security of Physical Spaces
2- Application and Technology Security
• Security of Personal Data
• Instant Messaging Security
• Cloud Computing Security
• Crypto Applications Security
• Critical Infrastructure Security
• New Developments and Procurement
3- Tightening Measures
• Operating System Tightening Measures
• Database Consolidation Measures
• Server Tightening Measures
Each security measure under the sections 3, 4 and 5 of the Information and Communication Security Guide is rated as basic, intermediate and advanced. It is stated in the Information and Communication Security Guide that the measures to be applied to the asset group will be determined according to the following classification.
Level 1 Precautions: Basic level security measures should be applied to all assets in asset groups with a criticality level of 1.
Level 2 Precautions: In addition to the basic level security measures, medium level security measures should be applied to all assets in the asset groups with the criticality level 2.
Level 3 Measures: In addition to basic and medium level security measures, advanced security measures should be applied to all assets in asset groups with a criticality level of 3.
4- Preparation of the Roadmap
- Competency acquisition and trainings
- Product supply
- Procurement of services
- Version update
- Enterprise process improvement
5- Reporting and Analysis with our CYBERMATH Product
All studies and the results of the Compliance Service are analyzed and scored with the CYBERMATH product. In addition, information about the status of each domain and percentage success scores are displayed. In this process, the results of past compliance and audits are compared, and areas of improvement and decline are clearly seen. In addition, what is done with an approved report is recorded.