{"global":{"lastError":{},"locale":"en","locales":{"data":[{"id":"de","name":"Deutsch"},{"id":"en","name":"English"}],"loading":false,"error":false},"currency":{"id":49,"name":"EUR"},"currencies":{"data":[{"id":49,"name":"EUR"},{"id":124,"name":"RUB"},{"id":153,"name":"UAH"},{"id":155,"name":"USD"}],"loading":false,"error":false},"translations":{"company":{"role-vendor":{"en":"Vendor","ru":"Производитель","_type":"localeString"},"role-supplier":{"ru":"Поставщик","_type":"localeString","en":"Supplier"},"products-popover":{"de":"die produkte","ru":"Продукты","_type":"localeString","en":"Products"},"introduction-popover":{"en":"introduction","ru":"внедрения","_type":"localeString"},"partners-popover":{"ru":"партнеры","_type":"localeString","en":"partners"},"update-profile-button":{"_type":"localeString","en":"Update profile","ru":"Обновить профиль"},"read-more-button":{"en":"Show more","ru":"Показать ещё","_type":"localeString"},"hide-button":{"ru":"Скрыть","_type":"localeString","en":"Hide"},"user-implementations":{"_type":"localeString","en":"Deployments","ru":"Внедрения"},"categories":{"ru":"Компетенции","_type":"localeString","en":"Categories"},"description":{"en":"Description","ru":"Описание","_type":"localeString"},"role-user":{"en":"User","ru":"Пользователь","_type":"localeString"},"partnership-vendors":{"en":"Partnership with vendors","ru":"Партнерство с производителями","_type":"localeString"},"partnership-suppliers":{"en":"Partnership with suppliers","ru":"Партнерство с поставщиками","_type":"localeString"},"reference-bonus":{"en":"Bonus 4 reference","ru":"Бонус за референс","_type":"localeString"},"partner-status":{"ru":"Статус партнёра","_type":"localeString","en":"Partner status"},"country":{"_type":"localeString","en":"Country","ru":"Страна"},"partner-types":{"_type":"localeString","en":"Partner types","ru":"Типы партнеров"},"branch-popover":{"en":"branch","ru":"область деятельности","_type":"localeString"},"employees-popover":{"ru":"количество сотрудников","_type":"localeString","en":"number of employees"},"partnership-programme":{"en":"Partnership program","ru":"Партнерская программа","_type":"localeString"},"partner-discounts":{"ru":"Партнерские скидки","_type":"localeString","en":"Partner discounts"},"registered-discounts":{"ru":"Дополнительные преимущества за регистрацию сделки","_type":"localeString","en":"Additional benefits for registering a deal"},"additional-advantages":{"_type":"localeString","en":"Additional Benefits","ru":"Дополнительные преимущества"},"additional-requirements":{"ru":"Требования к уровню партнера","_type":"localeString","en":"Partner level requirements"},"certifications":{"ru":"Сертификация технических специалистов","_type":"localeString","en":"Certification of technical specialists"},"sales-plan":{"ru":"Годовой план продаж","_type":"localeString","en":"Annual Sales Plan"},"partners-vendors":{"ru":"Партнеры-производители","_type":"localeString","en":"Partners-vendors"},"partners-suppliers":{"ru":"Партнеры-поставщики","_type":"localeString","en":"Partners-suppliers"},"all-countries":{"ru":"Все страны","_type":"localeString","en":"All countries"},"supplied-products":{"en":"Supplied products","ru":"Поставляемые продукты","_type":"localeString"},"vendored-products":{"en":"Produced products","ru":"Производимые продукты","_type":"localeString"},"vendor-implementations":{"_type":"localeString","en":"Produced deployments","ru":"Производимые внедрения"},"supplier-implementations":{"en":"Supplied deployments","ru":"Поставляемые внедрения","_type":"localeString"},"show-all":{"ru":"Показать все","_type":"localeString","en":"Show all"},"not-yet-converted":{"en":"Data is moderated and will be published soon. Please, try again later.","ru":"Данные модерируются и вскоре будут опубликованы. Попробуйте повторить переход через некоторое время.","_type":"localeString"},"schedule-event":{"en":"Events schedule","ru":"Pасписание событий","_type":"localeString"},"implementations":{"_type":"localeString","en":"Deployments","ru":"Внедрения"},"register":{"ru":"Регистрация ","_type":"localeString","en":"Register"},"login":{"ru":"Вход","_type":"localeString","en":"Login"},"auth-message":{"ru":"Для просмотра ивентов компании авторизируйтесь или зарегистрируйтесь на сайт.","_type":"localeString","en":"To view company events please log in or register on the sit."},"company-presentation":{"_type":"localeString","en":"Company presentation","ru":"Презентация компании"}},"header":{"help":{"_type":"localeString","en":"Help","de":"Hilfe","ru":"Помощь"},"how":{"en":"How does it works","de":"Wie funktioniert es","ru":"Как это работает","_type":"localeString"},"login":{"_type":"localeString","en":"Log in","de":"Einloggen","ru":"Вход"},"logout":{"ru":"Выйти","_type":"localeString","en":"Sign out"},"faq":{"_type":"localeString","en":"FAQ","de":"FAQ","ru":"FAQ"},"references":{"_type":"localeString","en":"Requests","de":"References","ru":"Мои запросы"},"solutions":{"ru":"Возможности","_type":"localeString","en":"Solutions"},"find-it-product":{"en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта","_type":"localeString"},"autoconfigurator":{"_type":"localeString","en":" Price calculator","ru":"Калькулятор цены"},"comparison-matrix":{"ru":"Матрица сравнения","_type":"localeString","en":"Comparison Matrix"},"roi-calculators":{"en":"ROI calculators","ru":"ROI калькуляторы","_type":"localeString"},"b4r":{"en":"Bonus for reference","ru":"Бонус за референс","_type":"localeString"},"business-booster":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"catalogs":{"en":"Catalogs","ru":"Каталоги","_type":"localeString"},"products":{"_type":"localeString","en":"Products","ru":"Продукты"},"implementations":{"en":"Deployments","ru":"Внедрения","_type":"localeString"},"companies":{"ru":"Компании","_type":"localeString","en":"Companies"},"categories":{"_type":"localeString","en":"Categories","ru":"Категории"},"for-suppliers":{"_type":"localeString","en":"For suppliers","ru":"Поставщикам"},"blog":{"ru":"Блог","_type":"localeString","en":"Blog"},"agreements":{"ru":"Сделки","_type":"localeString","en":"Deals"},"my-account":{"en":"My account","ru":"Мой кабинет","_type":"localeString"},"register":{"en":"Register","ru":"Зарегистрироваться","_type":"localeString"},"comparison-deletion":{"en":"Deletion","ru":"Удаление","_type":"localeString"},"comparison-confirm":{"ru":"Подтвердите удаление","_type":"localeString","en":"Are you sure you want to delete"},"search-placeholder":{"ru":"Введите поисковый запрос","_type":"localeString","en":"Enter your search term"},"my-profile":{"ru":"Мои данные","_type":"localeString","en":"My profile"},"about":{"en":"About Us","_type":"localeString"},"it_catalogs":{"en":"IT catalogs","_type":"localeString"},"roi4presenter":{"_type":"localeString","en":"Roi4Presenter"},"roi4webinar":{"en":"Pitch Avatar","_type":"localeString"},"sub_it_catalogs":{"_type":"localeString","en":"Find IT product"},"sub_b4reference":{"_type":"localeString","en":"Get reference from user"},"sub_roi4presenter":{"_type":"localeString","en":"Make online presentations"},"sub_roi4webinar":{"_type":"localeString","en":"Create an avatar for the event"},"catalogs_new":{"_type":"localeString","en":"Products"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"},"it_our_it_catalogs":{"_type":"localeString","en":"Our IT Catalogs"},"it_products":{"_type":"localeString","en":"Find and compare IT products"},"it_implementations":{"_type":"localeString","en":"Learn implementation reviews"},"it_companies":{"_type":"localeString","en":"Find vendor and company-supplier"},"it_categories":{"_type":"localeString","en":"Explore IT products by category"},"it_our_products":{"en":"Our Products","_type":"localeString"},"it_it_catalogs":{"_type":"localeString","en":"IT catalogs"}},"footer":{"copyright":{"de":"Alle rechte vorbehalten","ru":"Все права защищены","_type":"localeString","en":"All rights reserved"},"company":{"de":"Über die Firma","ru":"О компании","_type":"localeString","en":"My Company"},"about":{"ru":"О нас","_type":"localeString","en":"About us","de":"Über uns"},"infocenter":{"ru":"Инфоцентр","_type":"localeString","en":"Infocenter","de":"Infocenter"},"tariffs":{"ru":"Тарифы","_type":"localeString","en":"Subscriptions","de":"Tarife"},"contact":{"de":"Kontaktiere uns","ru":"Связаться с нами","_type":"localeString","en":"Contact us"},"marketplace":{"_type":"localeString","en":"Marketplace","de":"Marketplace","ru":"Marketplace"},"products":{"de":"Produkte","ru":"Продукты","_type":"localeString","en":"Products"},"compare":{"_type":"localeString","en":"Pick and compare","de":"Wähle und vergleiche","ru":"Подобрать и сравнить"},"calculate":{"en":"Calculate the cost","de":"Kosten berechnen","ru":"Расчитать стоимость","_type":"localeString"},"get_bonus":{"_type":"localeString","en":"Bonus for reference","de":"Holen Sie sich einen Rabatt","ru":"Бонус за референс"},"salestools":{"_type":"localeString","en":"Salestools","de":"Salestools","ru":"Salestools"},"automatization":{"ru":"Автоматизация расчетов","_type":"localeString","en":"Settlement Automation","de":"Abwicklungsautomatisierung"},"roi_calcs":{"ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators","de":"ROI-Rechner"},"matrix":{"ru":"Матрица сравнения","_type":"localeString","en":"Comparison matrix","de":"Vergleichsmatrix"},"b4r":{"de":"Rebate 4 Reference","ru":"Rebate 4 Reference","_type":"localeString","en":"Rebate 4 Reference"},"our_social":{"en":"Our social networks","de":"Unsere sozialen Netzwerke","ru":"Наши социальные сети","_type":"localeString"},"subscribe":{"en":"Subscribe to newsletter","de":"Melden Sie sich für den Newsletter an","ru":"Подпишитесь на рассылку","_type":"localeString"},"subscribe_info":{"ru":"и узнавайте первыми об акциях, новых возможностях и свежих обзорах софта","_type":"localeString","en":"and be the first to know about promotions, new features and recent software reviews"},"policy":{"_type":"localeString","en":"Privacy Policy","ru":"Политика конфиденциальности"},"user_agreement":{"_type":"localeString","en":"Agreement","ru":"Пользовательское соглашение "},"solutions":{"ru":"Возможности","_type":"localeString","en":"Solutions"},"find":{"ru":"Подбор и сравнение ИТ продукта","_type":"localeString","en":"Selection and comparison of IT product"},"quote":{"ru":"Калькулятор цены","_type":"localeString","en":"Price calculator"},"boosting":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"4vendors":{"ru":"поставщикам","_type":"localeString","en":"4 vendors"},"blog":{"_type":"localeString","en":"blog","ru":"блог"},"pay4content":{"_type":"localeString","en":"we pay for content","ru":"платим за контент"},"categories":{"_type":"localeString","en":"categories","ru":"категории"},"showForm":{"ru":"Показать форму","_type":"localeString","en":"Show form"},"subscribe__title":{"_type":"localeString","en":"We send a digest of actual news from the IT world once in a month!","ru":"Раз в месяц мы отправляем дайджест актуальных новостей ИТ мира!"},"subscribe__email-label":{"ru":"Email","_type":"localeString","en":"Email"},"subscribe__name-label":{"ru":"Имя","_type":"localeString","en":"Name"},"subscribe__required-message":{"ru":"Это поле обязательное","_type":"localeString","en":"This field is required"},"subscribe__notify-label":{"en":"Yes, please, notify me about news, events and propositions","ru":"Да, пожалуйста уведомляйте меня о новостях, событиях и предложениях","_type":"localeString"},"subscribe__agree-label":{"ru":"Подписываясь на рассылку, вы соглашаетесь с %TERMS% и %POLICY% и даете согласие на использование файлов cookie и передачу своих персональных данных*","_type":"localeString","en":"By subscribing to the newsletter, you agree to the %TERMS% and %POLICY% and agree to the use of cookies and the transfer of your personal data"},"subscribe__submit-label":{"en":"Subscribe","ru":"Подписаться","_type":"localeString"},"subscribe__email-message":{"ru":"Пожалуйста, введите корректный адрес электронной почты","_type":"localeString","en":"Please, enter the valid email"},"subscribe__email-placeholder":{"ru":"username@gmail.com","_type":"localeString","en":"username@gmail.com"},"subscribe__name-placeholder":{"ru":"Имя Фамилия","_type":"localeString","en":"Last, first name"},"subscribe__success":{"ru":"Вы успешно подписаны на рассылку. Проверьте свой почтовый ящик.","_type":"localeString","en":"You are successfully subscribed! Check you mailbox."},"subscribe__error":{"en":"Subscription is unsuccessful. Please, try again later.","ru":"Не удалось оформить подписку. Пожалуйста, попробуйте позднее.","_type":"localeString"},"roi4presenter":{"ru":"roi4presenter","_type":"localeString","en":"Roi4Presenter","de":"roi4presenter"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"b4reference":{"en":"Bonus4Reference","_type":"localeString"}},"breadcrumbs":{"home":{"ru":"Главная","_type":"localeString","en":"Home"},"companies":{"_type":"localeString","en":"Companies","ru":"Компании"},"products":{"ru":"Продукты","_type":"localeString","en":"Products"},"implementations":{"_type":"localeString","en":"Deployments","ru":"Внедрения"},"login":{"en":"Login","ru":"Вход","_type":"localeString"},"registration":{"ru":"Регистрация","_type":"localeString","en":"Registration"},"b2b-platform":{"_type":"localeString","en":"B2B platform for IT buyers, vendors and suppliers","ru":"Портал для покупателей, поставщиков и производителей ИТ"}},"comment-form":{"title":{"ru":"Оставить комментарий","_type":"localeString","en":"Leave comment"},"firstname":{"ru":"Имя","_type":"localeString","en":"First name"},"lastname":{"ru":"Фамилия","_type":"localeString","en":"Last name"},"company":{"ru":"Компания","_type":"localeString","en":"Company name"},"position":{"ru":"Должность","_type":"localeString","en":"Position"},"actual-cost":{"_type":"localeString","en":"Actual cost","ru":"Фактическая стоимость"},"received-roi":{"ru":"Полученный ROI","_type":"localeString","en":"Received ROI"},"saving-type":{"ru":"Тип экономии","_type":"localeString","en":"Saving type"},"comment":{"_type":"localeString","en":"Comment","ru":"Комментарий"},"your-rate":{"en":"Your rate","ru":"Ваша оценка","_type":"localeString"},"i-agree":{"ru":"Я согласен","_type":"localeString","en":"I agree"},"terms-of-use":{"en":"With user agreement and privacy policy","ru":"С пользовательским соглашением и политикой конфиденциальности","_type":"localeString"},"send":{"ru":"Отправить","_type":"localeString","en":"Send"},"required-message":{"ru":"{NAME} - это обязательное поле","_type":"localeString","en":"{NAME} is required filed"}},"maintenance":{"title":{"en":"Site under maintenance","ru":"На сайте проводятся технические работы","_type":"localeString"},"message":{"en":"Thank you for your understanding","ru":"Спасибо за ваше понимание","_type":"localeString"}}},"translationsStatus":{"company":"success"},"sections":{},"sectionsStatus":{},"pageMetaData":{"company":{"title":{"en":"ROI4CIO: Company","ru":"ROI4CIO: Компания","_type":"localeString"},"meta":[{"content":"https://roi4cio.com/fileadmin/templates/roi4cio/image/roi4cio-logobig.jpg","name":"og:image"},{"name":"og:type","content":"website"}],"translatable_meta":[{"translations":{"ru":"Компания","_type":"localeString","en":"Company"},"name":"title"},{"name":"description","translations":{"ru":"Описание компании","_type":"localeString","en":"Company description"}},{"translations":{"ru":"Ключевые слова для компании","_type":"localeString","en":"Company keywords"},"name":"keywords"}]}},"pageMetaDataStatus":{"company":"success"},"subscribeInProgress":false,"subscribeError":false},"auth":{"inProgress":false,"error":false,"checked":true,"initialized":false,"user":{},"role":null,"expires":null},"products":{"productsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null,"useProductLoading":false,"sellProductLoading":false,"templatesById":{},"comparisonByTemplateId":{}},"filters":{"filterCriterias":{"loading":false,"error":null,"data":{"price":{"min":0,"max":6000},"users":{"loading":false,"error":null,"ids":[],"values":{}},"suppliers":{"loading":false,"error":null,"ids":[],"values":{}},"vendors":{"loading":false,"error":null,"ids":[],"values":{}},"roles":{"id":200,"title":"Roles","values":{"1":{"id":1,"title":"User","translationKey":"user"},"2":{"id":2,"title":"Supplier","translationKey":"supplier"},"3":{"id":3,"title":"Vendor","translationKey":"vendor"}}},"categories":{"flat":[],"tree":[]},"countries":{"loading":false,"error":null,"ids":[],"values":{}}}},"showAIFilter":false},"companies":{"companiesByAlias":{"m-privacy-gmbh":{"id":6167,"title":"m-privacy GmbH","logoURL":"https://old.roi4cio.com/uploads/roi/company/m-privacy.png","alias":"m-privacy-gmbh","address":"","roles":[{"id":2,"type":"supplier"},{"id":3,"type":"vendor"}],"description":" <span style=\"font-weight: bold;\">m-privacy GmbH</span> is a company specializing in IT security and privacy consulting. With TightGate-Pro and TightGate-Mobile , they have developed one of the most secure solutions for the Internet access of computer workstations. Company's products comply with the highest security standards, are certified and have proven themselves in government and business for years.<br />In addition, m-privacy provides a comprehensive range of IT security services. These range from Website security analysis and IS short revision to complete ISO 27001 certification.<br />In the field of corporate data protection, <span style=\"font-weight: bold;\">m-privacy </span>offers you our Initial Data Protection Analysis . <br />Source: https://www.m-privacy.de/en/","companyTypes":["supplier","vendor"],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{"24":{"id":24,"title":"DLP - Data Leak Prevention","description":"Data leak prevention (DLP) is a suite of technologies aimed at stemming the loss of sensitive information that occurs in enterprises across the globe. By focusing on the location, classification and monitoring of information at rest, in use and in motion, this solution can go far in helping an enterprise get a handle on what information it has, and in stopping the numerous leaks of information that occur each day. DLP is not a plug-and-play solution. The successful implementation of this technology requires significant preparation and diligent ongoing maintenance. Enterprises seeking to integrate and implement DLP should be prepared for a significant effort that, if done correctly, can greatly reduce risk to the organization. Those implementing the solution must take a strategic approach that addresses risks, impacts and mitigation steps, along with appropriate governance and assurance measures.","materialsDescription":" <span style=\"font-weight: bold;\">How to protect the company from internal threats associated with leakage of confidential information?</span>\r\nIn order to protect against any threat, you must first realize its presence. Unfortunately, not always the management of companies is able to do this if it comes to information security threats. The key to successfully protecting against information leaks and other threats lies in the skillful use of both organizational and technical means of monitoring personnel actions.\r\n<span style=\"font-weight: bold;\">How should the personnel management system in the company be organized to minimize the risks of leakage of confidential information?</span>\r\nA company must have a special employee responsible for information security, and a large department must have a department directly reporting to the head of the company.\r\n<span style=\"font-weight: bold;\">Which industry representatives are most likely to encounter confidential information leaks?</span>\r\nMore than others, representatives of such industries as industry, energy, and retail trade suffer from leaks. Other industries traditionally exposed to leakage risks — banking, insurance, IT — are usually better at protecting themselves from information risks, and for this reason they are less likely to fall into similar situations.\r\n<span style=\"font-weight: bold;\">What should be adequate measures to protect against leakage of information for an average company?</span>\r\nFor each organization, the question of protection measures should be worked out depending on the specifics of its work, but developing information security policies, instructing employees, delineating access to confidential data and implementing a DLP system are necessary conditions for successful leak protection for any organization. Among all the technical means to prevent information leaks, the DLP system is the most effective today, although its choice must be taken very carefully to get the desired result. So, it should control all possible channels of data leakage, support automatic detection of confidential information in outgoing traffic, maintain control of work laptops that temporarily find themselves outside the corporate network...\r\n<span style=\"font-weight: bold;\">Is it possible to give protection against information leaks to outsourcing?</span>\r\nFor a small company, this may make sense because it reduces costs. However, it is necessary to carefully select the service provider, preferably before receiving recommendations from its current customers.\r\n<span style=\"font-weight: bold;\">What data channels need to be monitored to prevent leakage of confidential information?</span>\r\nAll channels used by employees of the organization - e-mail, Skype, HTTP World Wide Web protocol ... It is also necessary to monitor the information recorded on external storage media and sent to print, plus periodically check the workstation or laptop of the user for files that are there saying should not.\r\n<span style=\"font-weight: bold;\">What to do when the leak has already happened?</span>\r\nFirst of all, you need to notify those who might suffer - silence will cost your reputation much more. Secondly, you need to find the source and prevent further leakage. Next, you need to assess where the information could go, and try to somehow agree that it does not spread further. In general, of course, it is easier to prevent the leakage of confidential information than to disentangle its consequences.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Leak_Prevention.png","alias":"dlp-data-leak-prevention"},"34":{"id":34,"title":"ITSM - IT Service Management","description":"<span style=\"font-weight: bold; \">IT service management (ITSM)</span> is the process of designing, delivering, managing, and improving the IT services an organization provides to its end users. ITSM is focused on aligning IT processes and services with business objectives to help an organization grow.\r\nITSM positions IT services as the key means of delivering and obtaining value, where an internal or external IT service provider works with business customers, at the same time taking responsibility for the associated costs and risks. ITSM works across the whole lifecycle of a service, from the original strategy, through design, transition and into live operation.\r\nTo ensure sustainable quality of IT services, ITSM establishes a set of practices, or processes, constituting a service management system. There are industrial, national and international standards for IT service management solutions, setting up requirements and good practices for the management system. \r\nITSM system is based on a set of principles, such as focusing on value and continual improvement. It is not just a set of processes – it is a cultural mindset to ensure that the desired outcome for the business is achieved. \r\n<span style=\"font-weight: bold; \">ITIL (IT Infrastructure Library)</span> is a framework of best practices and recommendations for managing an organization's IT operations and services. IT service management processes, when built based on the ITIL framework, pave the way for better IT service operations management and improved business. To summarize, ITIL is a set of guidelines for effective IT service management best practices. ITIL has evolved beyond the delivery of services to providing end-to-end value delivery. The focus is now on the co-creation of value through service relationships. \r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">ITSM processes typically include five stages, all based on the ITIL framework:</span></p>\r\n<span style=\"font-weight: bold; \">ITSM strategy.</span> This stage forms the foundation or the framework of an organization's ITSM process building. It involves defining the services that the organization will offer, strategically planning processes, and recognizing and developing the required assets to keep processes moving. \r\n<span style=\"font-weight: bold; \">Service design.</span> This stage's main aim is planning and designing the IT services the organization offers to meet business demands. It involves creating and designing new services as well as assessing current services and making relevant improvements.\r\n<span style=\"font-weight: bold; \">Service transition.</span> Once the designs for IT services and their processes have been finalized, it's important to build them and test them out to ensure that processes flow. IT teams need to ensure that the designs don't disrupt services in any way, especially when existing IT service processes are upgraded or redesigned. This calls for change management, evaluation, and risk management. \r\n<span style=\"font-weight: bold; \">Service operation. </span>This phase involves implementing the tried and tested new or modified designs in a live environment. While in this stage, the processes have already been tested and the issues fixed, but new processes are bound to have hiccups—especially when customers start using the services. \r\n<span style=\"font-weight: bold;\">Continual service improvement (CSI).</span> Implementing IT processes successfully shouldn't be the final stage in any organization. There's always room for improvement and new development based on issues that pop up, customer needs and demands, and user feedback.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Benefits of efficient ITSM processes</h1>\r\nIrrespective of the size of business, every organization is involved in IT service management in some way. ITSM ensures that incidents, service requests, problems, changes, and IT assets—in addition to other aspects of IT services—are managed in a streamlined way.\r\nIT teams in your organization can employ various workflows and best practices in ITSM, as outlined in ITIL. Effective IT service management can have positive effects on an IT organization's overall function.\r\nHere are the 10 key benefits of ITSM:\r\n<ul><li> Lower costs for IT operations</li><li> Higher returns on IT investments</li><li> Minimal service outages</li><li> Ability to establish well-defined, repeatable, and manageable IT processes</li><li> Efficient analysis of IT problems to reduce repeat incidents</li><li> Improved efficiency of IT help desk teams</li><li> Well-defined roles and responsibilities</li><li> Clear expectations on service levels and service availability</li><li> Risk-free implementation of IT changes</li><li> Better transparency into IT processes and services</li></ul>\r\n<h1 class=\"align-center\">How to choose an ITSM tool?</h1>\r\nWith a competent IT service management goal in mind, it's important to invest in a service desk solution that caters to your business needs. It goes without saying, with more than 150 service desk tools to choose from, selecting the right one is easier said than done. Here are a few things to keep in mind when choosing an ITSM products:\r\n<span style=\"font-weight: bold; \">Identify key processes and their dependencies. </span>Based on business goals, decide which key ITSM processes need to be implemented and chart out the integrations that need to be established to achieve those goals. \r\n<span style=\"font-weight: bold; \">Consult with ITSM experts.</span> Participate in business expos, webinars, demos, etc., and educate yourself about the various options that are available in the market. Reports from expert analysts such as Gartner and Forrester are particularly useful as they include reviews of almost every solution, ranked based on multiple criteria.\r\n<span style=\"font-weight: bold; \">Choose a deployment option.</span> Every business has a different IT infrastructure model. Selecting an on-premises or software as a service (SaaS IT service management) tool depends on whether your business prefers to host its applications and data on its own servers or use a public or private cloud.\r\n<span style=\"font-weight: bold; \">Plan ahead for the future.</span> Although it's important to consider the "needs" primarily, you shouldn't rule out the secondary or luxury capabilities. If the ITSM tool doesn't have the potential to adapt to your needs as your organization grows, it can pull you back from progressing. Draw a clear picture of where your business is headed and choose an service ITSM that is flexible and technology-driven.\r\n<span style=\"font-weight: bold;\">Don't stop with the capabilities of the ITSM tool.</span> It might be tempting to assess an ITSM tool based on its capabilities and features but it's important to evaluate the vendor of the tool. A good IT support team, and a vendor that is endorsed for their customer-vendor relationship can take your IT services far. Check Gartner's magic quadrant and other analyst reports, along with product and support reviews to ensure that the said tool provides good customer support.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_ITSM.png","alias":"itsm-it-service-management"},"40":{"id":40,"title":"Endpoint security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png","alias":"endpoint-security"},"50":{"id":50,"title":"IPC - Information Protection and Control","description":"Information Protection and Control (IPC) is a technology for protecting confidential information from internal threats. IPC solutions are designed to protect information from internal threats, prevent various types of information leaks, corporate espionage, and business intelligence. The term IPC combines two main technologies: encryption of storage media at all points of the network and control of technical channels of information leakage using Data Loss Prevention (DLP) technologies. Network, application and data access control is a possible third technology in IPC class systems. IPC includes solutions of the Data Loss Prevention (DLP) class, a system for encrypting corporate information and controlling access to it. The term IPC was one of the first to use IDC analyst Brian Burke in his report, Information Protection and Control Survey: Data Loss Prevention and Encryption Trends.\r\nIPC technology is a logical continuation of DLP technology and allows you to protect data not only from leaks through technical channels, that is, insiders, but also from unauthorized user access to the network, information, applications, and in cases where the direct storage medium falls into the hands of third parties. This allows you to prevent leaks in those cases when an insider or a person who does not have legal access to data gain access to the direct carrier of information. For example, removing a hard drive from a personal computer, an insider will not be able to read the information on it. This allows you to prevent the compromise of confidential data even in the event of loss, theft or seizure (for example, when organizing operational events by special services specialists, unscrupulous competitors or raiders).\r\nThe main objective of IPC systems is to prevent the transfer of confidential information outside the corporate information system. Such a transfer (leak) may be intentional or unintentional. Practice shows that most of the leaks (more than 75%) do not occur due to malicious intent, but because of errors, carelessness, carelessness, and negligence of employees - it is much easier to detect such cases. The rest is connected with the malicious intent of operators and users of enterprise information systems, in particular, industrial espionage and competitive intelligence. Obviously, malicious insiders, as a rule, try to trick IPC analyzers and other control systems.","materialsDescription":"<span style=\"font-weight: bold; \">What is Information Protection and Control (IPC)?</span>\r\nIPC (English Information Protection and Control) is a generic name for technology to protect confidential information from internal threats.\r\nIPC solutions are designed to prevent various types of information leaks, corporate espionage, and business intelligence. IPC combines two main technologies: media encryption and control of technical channels of information leakage (Data Loss Prevention - DLP). Also, the functionality of IPC systems may include systems of protection against unauthorized access (unauthorized access).\r\n<span style=\"font-weight: bold; \">What are the objectives of IPC class systems?</span>\r\n<ul><li>preventing the transfer of confidential information beyond the corporate information system;</li><li>prevention of outside transmission of not only confidential but also other undesirable information (offensive expressions, spam, eroticism, excessive amounts of data, etc.);</li><li>preventing the transmission of unwanted information not only from inside to outside but also from outside to inside the organization’s information system;</li><li>preventing employees from using the Internet and network resources for personal purposes;</li><li>spam protection;</li><li>virus protection;</li><li>optimization of channel loading, reduction of inappropriate traffic;</li><li>accounting of working hours and presence at the workplace;</li><li>tracking the reliability of employees, their political views, beliefs, collecting dirt;</li><li>archiving information in case of accidental deletion or damage to the original;</li><li>protection against accidental or intentional violation of internal standards;</li><li>ensuring compliance with standards in the field of information security and current legislation.</li></ul>\r\n<span style=\"font-weight: bold; \">Why is DLP technology used in IPC?</span>\r\nIPC DLP technology supports monitoring of the following technical channels for confidential information leakage:\r\n<ul><li>corporate email;</li><li>webmail;</li><li>social networks and blogs;</li><li>file-sharing networks;</li><li>forums and other Internet resources, including those made using AJAX technology;</li><li>instant messaging tools (ICQ, Mail.Ru Agent, Skype, AOL AIM, Google Talk, Yahoo Messenger, MSN Messenger, etc.);</li><li>P2P clients;</li><li>peripheral devices (USB, LPT, COM, WiFi, Bluetooth, etc.);</li><li>local and network printers.</li></ul>\r\nDLP technologies in IPC support control, including the following communication protocols:\r\n<ul><li>FTP;</li><li>FTP over HTTP;</li><li>FTPS;</li><li>HTTP;</li><li>HTTPS (SSL);</li><li>NNTP;</li><li>POP3;</li><li>SMTP.</li></ul>\r\n<span style=\"font-weight: bold; \">What information protection facilities does IPC technology include?</span>\r\nIPC technology includes the ability to encrypt information at all key points in the network. The objects of information security are:\r\n<ul><li>Server hard drives;</li><li>SAN;</li><li>NAS;</li><li>Magnetic tapes;</li><li>CD/DVD/Blue-ray discs;</li><li>Personal computers (including laptops);</li><li>External devices.</li></ul>\r\nIPC technologies use various plug-in cryptographic modules, including the most efficient algorithms DES, Triple DES, RC5, RC6, AES, XTS-AES. The most used algorithms in IPC solutions are RC5 and AES, the effectiveness of which can be tested on the project [distributed.net]. They are most effective for solving the problems of encrypting data of large amounts of data on server storages and backups.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/IPC_-_Information_Protection_and_Control.png","alias":"ipc-information-protection-and-control"},"335":{"id":335,"title":"Secure Content and Threat Management","description":" Secure content management is the set of processes and technologies that supports the collection, managing, and publishing of information. It involves processes for protecting the company from viruses, spam and undesirable web pages to not only provide enhanced security but also address productivity and potential human resources issues. Even after controlling the number of avenues through which information can enter, after the implementation of perimeter security, the cyber attackers still find ways to piggyback across valid communication channels.\r\nSecure Content Management technologies have evolved rapidly over the last few years due to the complexity of threats associated with email and web gateways. Businesses are increasingly focusing on eliminating this threat by adopting the 2 gateways, rather than the purely productive driven anti-spam and web-filtering techniques.\r\nSecure Content Management solutions are gaining traction due to the increased need for handling voluminous content that is getting generated in organizations on a daily basis. The rising adoption of digitalization, Bring Your Own Device (BYOD), growth of e-commerce, and social media has increased the amount of content generated in inter-organizations and intra-organizations.\r\nSCM solutions offer clients with the benefit of paper-free workflow, accurate searching of the required information, and better information sharing, and also addresses required industry standards and regulations. SCM solutions enable clients with handling essential enterprise information and save time and cost associated with searching for the required business data for making key business decisions.\r\nThe solutions offered for Secure Content Management includes:\r\n<span style=\"font-style: italic;\">Anti-Spam:</span> Spam Filters are introduced for spam e-mail which not only consumes time and money but also network and mail server resources.\r\n<span style=\"font-style: italic;\">Web Surfing:</span> Limiting the websites that end-users are allowed to access will increase work productivity, ensure maximum bandwidth availability and lower the liability issues.\r\n<span style=\"font-style: italic;\">Instant Messaging:</span> Convenient and growing, but difficult to handle, this technology serves as a back door for viruses and worms to enter your network. It also provides a way for sensitive information to be shared over the network.<br /><br /><br />","materialsDescription":" <span style=\"font-weight: bold;\">What are the reasons for adopting secure content management?</span>\r\nFollowing are the reasons for creating the need for secure content management:\r\n<ul><li>Lost productivity</li><li>Introduction of malicious code</li><li>Potential liability</li><li>Wasted network resources</li><li>Control over intellectual property</li><li>Regulatory Compliance</li></ul>\r\nBecause of these reasons, there is rising concern over the security of the organization and creating the need for the adoption of Secure content Management from the clients.\r\n<span style=\"font-weight: bold;\">Strategy Adopted for implementing Secure Content Management</span>\r\nThe strategy applied for Secure Content Management includes the 4 step process including\r\n<span style=\"font-weight: bold;\">Discover</span> involves Identifying and Defining the process of Data Management and collecting the data created.\r\n<span style=\"font-weight: bold;\">Classify</span> is the process of identifying critical data and segregating between secure information and unstructured information.\r\n<span style=\"font-weight: bold;\">Control</span> involves the process of data cleansing, Encrypting the digital content and Securing critical information.\r\n<span style=\"font-weight: bold;\">Govern</span> is the process of creating Service Level Agreements for usage rules, retention rules.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Content_and_Threat_Management.png","alias":"secure-content-and-threat-management"},"399":{"id":399,"title":"Requirements Visualization, Definition, and Management","description":" Requirements management is the process of documenting, analyzing, tracing, prioritizing and agreeing on requirements and then controlling change and communicating to relevant stakeholders. It is a continuous process throughout a project. A requirement is a capability to which a project outcome (product or service) should conform.\r\nThe purpose of requirements management is to ensure that an organization documents, verifies, and meets the needs and expectations of its customers and internal or external stakeholders. Requirements management begins with the analysis and elicitation of the objectives and constraints of the organization. Requirements management further includes supporting planning for requirements, integrating requirements and the organization for working with them (attributes for requirements), as well as relationships with other information delivering against requirements, and changes for these.\r\nThe traceability thus established is used in managing requirements to report back fulfilment of company and stakeholder interests in terms of compliance, completeness, coverage, and consistency. Traceabilities also support change management as part of requirements management in understanding the impacts of changes through requirements or other related elements (e.g., functional impacts through relations to functional architecture), and facilitating introducing these changes.\r\nRequirements management involves communication between the project team members and stakeholders, and adjustment to requirements changes throughout the course of the project. To prevent one class of requirements from overriding another, constant communication among members of the development team is critical. For example, in software development for internal applications, the business has such strong needs that it may ignore user requirements, or believe that in creating use cases, the user requirements are being taken care of.\r\nRequirements traceability is concerned with documenting the life of a requirement. It should be possible to trace back to the origin of each requirement and every change made to the requirement should therefore be documented in order to achieve traceability. Even the use of the requirement after the implemented features have been deployed and used should be traceable.\r\nRequirements come from different sources, like the business person ordering the product, the marketing manager and the actual user. These people all have different requirements for the product. Using requirements traceability, an implemented feature can be traced back to the person or group that wanted it during the requirements elicitation. This can, for example, be used during the development process to prioritize the requirement, determining how valuable the requirement is to a specific user. It can also be used after the deployment when user studies show that a feature is not used, to see why it was required in the first place.","materialsDescription":"<span style=\"font-weight: bold; \">Requirements activities</span>\r\nAt each stage in a development process, there are key requirements management activities and methods. To illustrate, consider a standard five-phase development process with Investigation, Feasibility, Design, Construction, and Test, and Release stages.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Investigation</span></span>\r\nIn Investigation, the first three classes of requirements are gathered from the users, from the business, and from the development team. In each area, similar questions are asked; what are the goals, what are the constraints, what are the current tools or processes in place, and so on. Only when these requirements are well understood can functional requirements be developed.\r\nIn the common case, requirements cannot be fully defined at the beginning of the project. Some requirements will change, either because they simply weren’t extracted, or because internal or external forces at work affect the project in mid-cycle.\r\nThe deliverable from the Investigation stage is a requirements document that has been approved by all members of the team. Later, in the thick of development, this document will be critical in preventing scope creep or unnecessary changes. As the system develops, each new feature opens a world of new possibilities, so the requirements specification anchors the team to the original vision and permits a controlled discussion of scope change.\r\nWhile many organizations still use only documents to manage requirements, others manage their requirements baselines using software tools. These tools allow requirements to be managed in a database, and usually have functions to automate traceability (e.g., by allowing electronic links to be created between parent and child requirements, or between test cases and requirements), electronic baseline creation, version control, and change management. Usually, such tools contain an export function that allows a specification document to be created by exporting the requirements data into a standard document application.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Feasibility</span></span>\r\nIn the Feasibility stage, the costs of the requirements are determined. For user requirements, the current cost of work is compared to the future projected costs once the new system is in place. Questions such as these are asked: “What are data entry errors costing us now?” Or “What is the cost of scrap due to operator error with the current interface?” Actually, the need for the new tool is often recognized as these questions come to the attention of financial people in the organization.\r\nBusiness costs would include, “What department has the budget for this?” “What is the expected rate of return on the new product in the marketplace?” “What’s the internal rate of return in reducing the costs of training and support if we make a new, easier-to-use system?”\r\nTechnical costs are related to software development costs and hardware costs. “Do we have the right people to create the tool?” “Do we need new equipment to support expanded software roles?” This last question is an important type. The team must inquire into whether the newest automated tools will add sufficient processing power to shift some of the burdens from the user to the system in order to save people time.\r\nThe question also points out a fundamental point about requirements management. A human and a tool form a system, and this realization is especially important if the tool is a computer or a new application on a computer. The human mind excels in parallel processing and interpretation of trends with insufficient data. The CPU excels in serial processing and accurate mathematical computation. The overarching goal of the requirements management effort for a software project would thus be to make sure the work being automated gets assigned to the proper processor. For instance, “Don’t make the human remember where she is in the interface. Make the interface report the human’s location in the system at all times.” Or “Don’t make the human enter the same data in two screens. Make the system store the data and fill in the second screen as needed.”\r\nThe deliverable from the Feasibility stage is the budget and schedule for the project.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Design</span></span>\r\nAssuming that costs are accurately determined and benefits to be gained are sufficiently large, the project can proceed to the Design stage. In Design, the main requirements management activity is comparing the results of the design against the requirements document to make sure that work is staying in scope.\r\nAgain, flexibility is paramount to success. Here’s a classic story of scope change in mid-stream that actually worked well. Ford auto designers in the early ‘80s were expecting gasoline prices to hit $3.18 per gallon by the end of the decade. Midway through the design of the Ford Taurus, prices had centered to around $1.50 a gallon. The design team decided they could build a larger, more comfortable, and more powerful car if the gas prices stayed low, so they redesigned the car. The Taurus launch set nationwide sales records when the new car came out, primarily because it was so roomy and comfortable to drive.\r\nIn most cases, however, departing from the original requirements to that degree does not work. So the requirements document becomes a critical tool that helps the team make decisions about design changes.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Construction and test</span></span>\r\nIn the construction and testing stage, the main activity of requirements management is to make sure that work and cost stay within schedule and budget, and that the emerging tool does, in fact, meet requirements. A main tool used in this stage is prototype construction and iterative testing. For a software application, the user interface can be created on paper and tested with potential users while the framework of the software is being built. The results of these tests are recorded in a user interface design guide and handed off to the design team when they are ready to develop the interface. This saves time and makes their jobs much easier.\r\nVerification: This effort verifies that the requirement has been implemented correctly. There are 4 methods of verification: analysis, inspection, testing, and demonstration. Numerical software execution results or through-put on a network test, for example, provides analytical evidence that the requirement has been met. Inspection of vendor documentation or spec sheets also verifies requirements. Actually testing or demonstrating the software in a lab environment also verifies the requirements: a test type of verification will occur when test equipment not normally part of the lab (or system under test) is used. Comprehensive test procedures which outline the steps and their expected results clearly identify what is to be seen as a result of performing the step. After the step or set of steps is completed the last step's expected result will call out what has been seen and then identify what requirements or requirements have been verified (identified by number). The requirement number, title, and verbiage are tied together in another location in the test document.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Requirements change management</span></span>\r\nHardly would any software development project be completed without some changes being asked of the project. The changes can stem from changes in the environment in which the finished product is envisaged to be used, business changes, regulation changes, errors in the original definition of requirements, limitations in technology, changes in the security environment and so on. The activities of requirements change management include receiving the change requests from the stakeholders, recording the received change requests, analyzing and determining the desirability and process of implementation, implementation of the change request, quality assurance for the implementation and closing the change request. Then the data of change requests be compiled, analyzed and appropriate metrics are derived and dovetailed into the organizational knowledge repository.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Release</span></span>\r\nRequirements management does not end with product release. From that point on, the data coming in about the application’s acceptability is gathered and fed into the Investigation phase of the next generation or release. Thus the process begins again.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Requirements_Visualization.png","alias":"requirements-visualization-definition-and-management"},"457":{"id":457,"title":"DDoS Protection","description":" A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.\r\nIn a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.\r\nA DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.\r\nCriminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks. ","materialsDescription":" <span style=\"font-weight: bold;\">What are the Different Types of DDoS Attacks?</span>\r\nDistributed Denial of Service attacks vary significantly, and there are thousands of different ways an attack can be carried out (attack vectors), but an attack vector will generally fall into one of three broad categories:\r\n<span style=\"font-weight: bold;\">Volumetric Attacks:</span>\r\nVolumetric attacks attempt to consume the bandwidth either within the target network/service or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.\r\n<span style=\"font-weight: bold;\">TCP State-Exhaustion Attacks:</span>\r\nTCP State-Exhaustion attacks attempt to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves. Even high capacity devices capable of maintaining state on millions of connections can be taken down by these attacks.\r\n<span style=\"font-weight: bold;\">Application Layer Attacks:</span>\r\nApplication Layer attacks target some aspect of an application or service at Layer-7. These are the deadliest kind of attacks as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). Application layer attacks have come to prevalence over the past three or four years and simple application layer flood attacks (HTTP GET flood etc.) have been some of the most common denials of service attacks seen in the wild.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DDoS_Protection.png","alias":"ddos-protection"},"467":{"id":467,"title":"Network Forensics","description":" Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a pro-active investigation.\r\nNetwork forensics generally has two uses. The first, relating to security, involves monitoring a network for anomalous traffic and identifying intrusions. An attacker might be able to erase all log files on a compromised host; network-based evidence might therefore be the only evidence available for forensic analysis. The second form relates to law enforcement. In this case analysis of captured network traffic can include tasks such as reassembling transferred files, searching for keywords and parsing human communication such as emails or chat sessions.\r\nTwo systems are commonly used to collect network data; a brute force "catch it as you can" and a more intelligent "stop look listen" method.\r\nNetwork forensics is a comparatively new field of forensic science. The growing popularity of the Internet in homes means that computing has become network-centric and data is now available outside of disk-based digital evidence. Network forensics can be performed as a standalone investigation or alongside a computer forensics analysis (where it is often used to reveal links between digital devices or reconstruct how a crime was committed).\r\nMarcus Ranum is credited with defining Network forensics as "the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents".\r\nCompared to computer forensics, where evidence is usually preserved on disk, network data is more volatile and unpredictable. Investigators often only have material to examine if packet filters, firewalls, and intrusion detection systems were set up to anticipate breaches of security.\r\nSystems used to collect network data for forensics use usually come in two forms:\r\n<ul><li>"Catch-it-as-you-can" – This is where all packets passing through a certain traffic point are captured and written to storage with analysis being done subsequently in batch mode. This approach requires large amounts of storage.</li><li>"Stop, look and listen" – This is where each packet is analyzed in a rudimentary way in memory and only certain information saved for future analysis. This approach requires a faster processor to keep up with incoming traffic.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Why is network forensics important?</span>\r\nNetwork forensics is important because so many common attacks entail some type of misuse of network resources.\r\n<span style=\"font-weight: bold;\">What are the different ways in which the network can be attacked?</span>\r\nAttacks typically target availability confidentiality and integrity. Loss of any one of these items constitutes a security breach.\r\n<span style=\"font-weight: bold;\">Where is the best place to search for information?</span>\r\nInformation can be found by either doing a live analysis of the network, analyzing IDS information, or examining logs that can be found in routers and servers.\r\n<span style=\"font-weight: bold;\">How does a forensic analyst know how deeply to look for information?</span>\r\nSome amount of information can be derived from looking at the skill level of the attacker. Attackers with little skill are much less likely to use advanced hiding techniques.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Network_Forensics.png","alias":"network-forensics"},"485":{"id":485,"title":"Web security","description":" Web security basically means protecting a website or web application by detecting, preventing and responding to cyber threats.\r\nWebsites and web applications are just as prone to security breaches as physical homes, stores, and government locations. Unfortunately, cybercrime happens every day, and great web security measures are needed to protect websites and web applications from becoming compromised.\r\nThat’s exactly what web security does – it is a system of protection measures and protocols that can protect your website or web application from being hacked or entered by unauthorized personnel. This integral division of Information Security is vital to the protection of websites, web applications, and web services. Anything that is applied over the Internet should have some form of web security to protect it.\r\nThere are a lot of factors that go into web security and web protection. Any website or application that is secure is surely backed by different types of checkpoints and techniques for keeping it safe.\r\nThere are a variety of security standards that must be followed at all times, and these standards are implemented and highlighted by the OWASP. Most experienced web developers from top cybersecurity companies will follow the standards of the OWASP as well as keep a close eye on the Web Hacking Incident Database to see when, how, and why different people are hacking different websites and services.\r\nEssential steps in protecting web apps from attacks include applying up-to-date encryption, setting proper authentication, continuously patching discovered vulnerabilities, avoiding data theft by having secure software development practices. The reality is that clever attackers may be competent enough to find flaws even in a fairly robust secured environment, and so a holistic security strategy is advised.\r\nThere are different types of technologies available for maintaining the best security standards. Some popular technical solutions for testing, building, and preventing threats include black and white box testing tools, fuzzing tools, WAF, security or vulnerability scanners, password cracking tools, and so on.","materialsDescription":" <span style=\"font-weight: bold; \">What is Malware?</span>\r\nThe name malware is short for ‘malicioussoftware’. Malware includes any software program that has been created to perform an unauthorised — and often harmful — action on a user’s device. Examples of malware include:\r\n<ul><li>Computer viruses</li><li>Word and Excel macro viruses</li><li>Boot sector viruses</li><li>Script viruses — including batch, Windows shell, Java and others</li><li>Keyloggers</li><li>Password stealers</li><li>Backdoor Trojan viruses</li><li>Other Trojan viruses</li><li>Crimeware</li><li>Spyware</li><li>Adware... and many other types of malicious software programs</li></ul>\r\n<span style=\"font-weight: bold; \">What is the difference between a computer virus and a worm?</span>\r\n<span style=\"font-weight: bold; \">Computer virus.</span> This is a type of malicious program that can replicate itself — so that it can spread from file to file on a computer, and can also spread from one computer to another. Computer viruses are often programmed to perform damaging actions — such as corrupting or deleting data. The longer a virus remains undetected on your machine, the greater the number of infected files that may be on your computer.\r\n<span style=\"font-weight: bold; \">Worms.</span> Worms are generally considered to be a subset of computer viruses — but with some specific differences:\r\n<ul><li>A worm is a computer program that replicates, but does not infect other files.</li><li>The worm will install itself once on a computer — and then look for a way to spread to other computers.</li><li>Whereas a virus is a set of code that adds itself to existing files, a worm exists as a separate, standalone file.</li></ul>\r\n<span style=\"font-weight: bold; \">What is a Trojan virus?</span>\r\nA Trojan is effectively a program that pretends to be legitimate software — but, when launched, it will perform a harmful action. Unlike computer viruses and worms, Trojans cannot spread by themselves. Typically, Trojans are installed secretly and they deliver their malicious payload without the user’s knowledge.\r\nCybercriminals use many different types of Trojans — and each has been designed to perform a specific malicious function. The most common are:\r\n<ul><li>Backdoor Trojans (these often include a keylogger)</li><li>Trojan Spies</li><li>Password stealing Trojans</li><li>Trojan Proxies — that convert your computer into a spam distribution machine</li></ul>\r\n<span style=\"font-weight: bold; \">Why are Trojan viruses called Trojans?</span>\r\nIn Greek mythology — during the Trojan war — the Greeks used subterfuge to enter the city of Troy. The Greeks constructed a massive wooden horse — and, unaware that the horse contained Greek soldiers, the Trojans pulled the horse into the city. At night, the Greek soldiers escaped from the horse and opened the city gates — for the Greek army to enter Troy.\r\nToday, Trojan viruses use subterfuge to enter unsuspecting users’ computers and devices.\r\n<span style=\"font-weight: bold; \">What is a Keylogger?</span>\r\nA keylogger is a program that can record what you type on your computer keyboard. Criminals use keyloggers to obtain confidential data — such as login details, passwords, credit card numbers, PINs and other items. Backdoor Trojans typically include an integrated keylogger.\r\n<span style=\"font-weight: bold; \">What is Phishing?</span>\r\nPhishing is a very specific type of cybercrime that is designed to trick you into disclosing valuable information — such as details about your bank account or credit cards. Often, cybercriminals will create a fake website that looks just like a legitimate site — such as a bank’s official website. The cybercriminal will try to trick you into visiting their fake site — typically by sending you an email that contains a hyperlink to the fake site. When you visit the fake website, it will generally ask you to type in confidential data — such as your login, password or PIN.\r\n<span style=\"font-weight: bold; \">What is Spyware?</span>\r\nSpyware is software that is designed to collect your data and send it to a third party — without your knowledge or consent. Spyware programs will often:\r\n<ul><li>Monitor the keys you press on your keyboard — using a keylogger</li><li>Collect confidential information — such as your passwords, credit card numbers, PIN numbers and more</li><li>Gather — or ‘harvest’ — email addresses from your computer</li><li>Track your Internet browsing habits</li></ul>\r\n<span style=\"font-weight: bold; \">What is a Rootkit?</span>\r\nRootkits are programs that hackers use in order to evade detection while trying to gain unauthorised access to a computer. Rootkits have been used increasingly as a form of stealth to hide Trojan virus activity. When installed on a computer, rootkits are invisible to the user and also take steps to avoid being detected by security software.\r\nThe fact that many people log into their computers with administrator rights — rather than creating a separate account with restricted access — makes it easier for cybercriminals to install a rootkit.\r\n<span style=\"font-weight: bold; \">What is a Botnet?</span>\r\nA botnet is a network of computers controlled by cybercriminals using a Trojan virus or other malicious program.\r\n<span style=\"font-weight: bold;\">What is a DDoS attack?</span>\r\nA Distributed-Denial-of-Service (DDoS) attack is similar to a DoS. However, a DDoS attack is conducted using multiple machines. Usually, for a DDoS attack, the hacker will use one security compromised computer as the ‘master’ machine that co-ordinates the attack by other ‘zombie machines’. Typically, the cybercriminal will compromise the security on the master and all of the zombie machines, by exploiting a vulnerability in an application on each computer — to install a Trojan or other piece of malicious code.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/security-web-application-security.png","alias":"web-security"},"713":{"id":713,"title":"IT Trainings","description":" IT Training is specific to the Information Technology (IT) industry, or to the skills necessary for performing information technology jobs. IT Training includes courses related to the application, design, development, implementation, support or management of computer-based information systems.\r\nThe IT training market is segmented into six broad market segments. Based on TrainingIndustry.com research, these segments reflect how IT training companies focus their suite of offerings and from which areas they derive most of their revenue.\r\n<ul><li>IT Infrastructure Training focuses on building, sustaining, and managing technical infrastructure.</li><li>Programming and Database Training involves database construction and management, programming language, and similar areas.</li><li>Enterprise Business Applications Training involves software applications that manage organizations’ processes, such as ERP, CRM, call center management, automated billing systems, etc.</li><li>Desktop Applications Training focuses on how to use programs and applications for desktop users.</li><li>Certification Training includes certifications, compliance, exam preparation, or boot camp style training programs.</li><li>Cyber Security Training involves courses and training programs centered on IT network and system security.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">What is IT Training?</span>\r\nThe organized activity aimed at imparting information and/or instructions to improve the recipient's performance or to help him or her attain a required level of knowledge or skill in the IT-sphere.\r\n<span style=\"font-weight: bold;\">Who is an information technology (IT) trainer?</span>\r\nInformation technology trainers may teach IT administrative support staff or an organization's non-technical business users how to operate, configure, and maintain new technology. Employed either in-house as part of the IT department or by a technology vendor, the information technology trainer helps a company get the most value from its investment in an IT solution.\r\nAn information technology degree helps IT professionals build a foundation for a technical training career. In addition, IT trainers must stay up to date with evolving technology. IT certification programs such as MCSE certification allow trainers to build expertise in specific vendor technologies and systems components. According to the Bureau of Labor Statistics, training and development specialists in all fields earned a mean annual salary of $55,310 in 2009. Software publishing was among the top-paying industries for trainers, with a salary of $71,960.\r\n<span style=\"font-weight: bold;\">What is the target audience of IT Training?</span>\r\nStudents of IT training programs are predominately those who work in jobs related to computer science, network administration, information technology management, cloud computing, telecommunications, etc.\r\nGeneral business professionals and consumers who use IT applications, and computer and software products are other important audiences for IT training. IT training, more so than most other content segments of the training market, contains a substantial amount of business to consumer (B2C) training. Consumer training occurs when a student (or purchaser of a training program) completes the training on their own, without the recommendation, supervision, or support of an employer. This includes individuals aiming to improve their IT skill set or to gain certifications.\r\nThere is also a considerable amount of government spending in the IT training market, predominately in the area of cybersecurity.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IT_Trainings.png","alias":"it-trainings"},"718":{"id":718,"title":"IT Consulting","description":" In management, information technology consulting (also called IT consulting, computer consultancy, business and technology services, computing consultancy, technology consulting, and IT advisory) as a field of activity focuses on advising organizations on how best to use information technology (IT) in achieving their business objectives.\r\nThe IT consulting industry can be viewed as a Four-tier system:\r\n<ul><li>Professional services firms which maintain large professional workforces and command high bill rates.</li><li>Staffing firms, which place technologists with businesses on a temporary basis, typically in response to employee absences, temporary skill shortages and technical projects.</li><li>Independent consultants, who are self-employed or who function as employees of staffing firms (for US tax purposes, employed on Form W-2), or as independent contractors in their own right (for US tax purposes, on "1099").</li><li>Information Technology security consultants</li></ul>\r\nThere are different reasons why consultants are called in:\r\n<ul><li>To gain external, objective advice and recommendations</li><li>To gain access to the consultants' specialized expertise</li><li>Temporary help during a one-time project where the hiring of a permanent employee(s) is not required or necessary</li><li>To outsource all or part of the IT services from a specific company.</li></ul>\r\nThere is a relatively unclear line between management consulting and IT consulting. There are sometimes overlaps between the two fields, but IT consultants often have degrees in computer science, electronics, technology, or management information systems while management consultants often have degrees in accounting, economics, Industrial Engineering, finance, or a generalized MBA (Masters in Business Administration).\r\nAccording to the Institute for Partner Education & Development, IT consultants' revenues come predominantly from design and planning based consulting with a mixture of IT and business consulting. This is different from a systems integrator in that you do not normally take title to product. Their value comes from their ability to integrate and support technologies as well as determining product and brands. ","materialsDescription":"<span style=\"font-weight: bold; \">Who is an information technology (IT) consultant?</span>\r\nAn information technology consultant is a third-party service provider who is qualified to advise clients on the best use of IT to meet specific business requirements. IT consultants may work with a professional IT consultancy firm or as independent contractors. They may conduct a business needs assessment and develop an information systems solution that meets the organization's objectives.\r\nSome information technology consultants emphasize technical issues while others help organizations use IT to manage business processes. Still others specialize in a specific IT area such as information security.\r\nIT consultants need a deep knowledge of both business and information technology. A bachelor's degree in management information systems, computer science, or information science is the typical path into a technical consultancy career. IT certifications supplement this foundation with specialized technical training. Information technology degree and certification programs are available online to accommodate working IT professionals.\r\n<span style=\"font-weight: bold; \">What are the prerequisites and major obstacles?</span>\r\nOnce a business owner defined the needs to take a business to the next level, a decision maker will define a scope, cost and a time-frame of the project. The role of the IT consultancy company is to support and nurture the company from the very beginning of the project until the end, and deliver the project not only in the scope, time and cost but also with complete customer satisfaction.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Project scoping and planning</span></span>\r\nThe usual problem is that a business owner doesn't know the detail of what the project is going to deliver until it starts the process. In many cases, the incremental effort in some projects can lead to significant financial loss.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Business process and system design</span></span>\r\nThe scope of a project is linked intimately to the proposed business processes and systems that the project is going to deliver. Regardless of whether the project is to launch a new product range or discontinue unprofitable parts of the business, the change will have some impact on business processes and systems. The documentation of your business processes and system requirements are as fundamental to project scoping as an architects plans would be to the costing and scoping of the construction of a building.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Project management support</span></span>\r\nThe most successful business projects are always those that are driven by an employee who has the authority, vision and influence to drive the required changes in a business. It is highly unlikely that a business owner (decision maker or similar) will realize the changes unless one has one of these people in the employment. However, the project leadership role typically requires significant experience and skills which are not usually found within a company focused on day-to-day operations. Due to this requirement within more significant business change projects/programs, outside expertise is often sought from firms which can bring this specific skill set to the company.\r\n<span style=\"font-weight: bold;\">What are the skills of IT-consulting?</span>\r\nAn IT consultant needs to possess the following skills:\r\n<ul><li>Advisory skills</li><li>Technical skills</li><li>Business skills</li><li>Communication skills</li><li>Management skills</li><li>Advisory language skills</li><li>Business and management language skills</li><li>Technical language skills</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IT_Consulting.png","alias":"it-consulting"},"727":{"id":727,"title":"IT Security Audit","description":" A <span style=\"font-weight: bold; \">computer security audit</span> is a manual or systematic measurable technical assessment of a system or application. Manual assessments include interviewing staff, performing security vulnerability scans, reviewing application and operating system access controls, and analyzing physical access to the systems. Automated assessments, or CAAT's, include system generated audit reports or using software to monitor and report changes to files and settings on a system. Systems can include personal computers, servers, mainframes, network routers, switches.\r\nAt its root, an <span style=\"font-weight: bold; \">IT security audit</span> includes two different assessments. The manual assessment occurs when an internal or external IT security audit companies interview employees, reviews access controls, analyzes physical access to hardware, and performs vulnerability scans. \r\nAudit, performed by IT security audit services or IT security audit software, analyzes individual technical infrastructure components at a detailed level, ensuring that each is functioning in a manner that reinforces appropriate information security. The stakes are made higher with a number of regulatory compliance requirements mandating that IT audits be included in organizational due diligence efforts. These reviews should occur, at a minimum, annually. Some organizations, however, prefer to do them more frequently.\r\nOrganizations should also review system-generated reports. Automated assessments not only incorporate that data, but also respond to software monitoring reports and changes to server and file settings.\r\nSecurity audits, vulnerability assessments, and penetration testing are the <span style=\"font-weight: bold; \">three main types of security diagnostics. </span>Each of the three takes a different approach and may be best suited for a particular purpose. \r\n<span style=\"font-weight: bold; \">Security audits</span> measure an information system's performance against a list of criteria. \r\nA <span style=\"font-weight: bold; \">vulnerability assessment,</span> on the other hand, involves a comprehensive study of an entire information system, seeking potential security weaknesses. \r\n<span style=\"font-weight: bold; \">Penetration testing</span> is a covert operation, in which a security expert tries a number of attacks to ascertain whether or not a system could withstand the same types of attacks from a malicious hacker. In penetration testing, the feigned attack can include anything a real attacker might try, such as social engineering. Each of the approaches has inherent strengths, and using two or more of them in conjunction may be the most effective approach of all.\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> <span style=\"font-weight: bold;\">What is a security audit?</span></h1>\r\nA Security Audit is a process or event where the IT security policy or standards are used as a basis to determine the overall state of existing protection and to verify whether existing protection is being performed properly. It aims to determine whether the current environment is securely protected in accordance with the defined IT security policy.<br />Before performing a security assessment or audit, the organization should define the scope of the security audit, and the budget and duration allowed for the assessment/audit.\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold;\">How often should a security audit be performed?</span></h1>\r\nA security audit only provides a snapshot of the vulnerabilities in a system at a particular point in time. As technology and the business environment changes, periodic and ongoing reviews will inevitably be required. Depending on the criticality of the business, a security audit might be conducted yearly, or every two years.\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold;\">Who should perform a security audit?</span></h1>\r\nA security audit is a complex task requiring skilled and experienced personnel; it must be planned carefully. To perform the audit an independent and trusted third party is recommended. This third party can be another group of in-house staff or an external audit team, dependent on the skills of the internal staff and the criticality/sensitivity of the information being audited.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IT_Security_Audit.png","alias":"it-security-audit"}},"branches":"Information Technology","companyUrl":"https://www.m-privacy.de/en/","countryCodes":[],"certifications":[],"isSeller":true,"isSupplier":true,"isVendor":true,"presenterCodeLng":"","seo":{"title":"m-privacy GmbH","keywords":"","description":" <span style=\"font-weight: bold;\">m-privacy GmbH</span> is a company specializing in IT security and privacy consulting. With TightGate-Pro and TightGate-Mobile , they have developed one of the most secure solutions for the Internet access of computer workstat","og:title":"m-privacy GmbH","og:description":" <span style=\"font-weight: bold;\">m-privacy GmbH</span> is a company specializing in IT security and privacy consulting. With TightGate-Pro and TightGate-Mobile , they have developed one of the most secure solutions for the Internet access of computer workstat","og:image":"https://old.roi4cio.com/uploads/roi/company/m-privacy.png"},"eventUrl":"","vendorPartners":[],"supplierPartners":[],"vendoredProducts":[],"suppliedProducts":[],"partnershipProgramme":null}},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"implementations":{"implementationsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"agreements":{"agreementById":{},"ids":{},"links":{},"meta":{},"loading":false,"error":null},"comparison":{"loading":false,"error":false,"templatesById":{},"comparisonByTemplateId":{},"products":[],"selectedTemplateId":null},"presentation":{"type":null,"company":{},"products":[],"partners":[],"formData":{},"dataLoading":false,"dataError":false,"loading":false,"error":false},"catalogsGlobal":{"subMenuItemTitle":""}}