Cyber Security solutions

IT security has become a highly critical issue for all businesses asa result of the growing pervasiveness and diffusion of ICTtechnology. Risks can arise both inside and outside organisations, and evena banal error in a software application can make a companyvulnerable, compromising the confidentiality, integrity andavailability of its IT resources and intellectual property.Critical infrastructures in both public and private sectors are

increasingly dependent on distributed information systems todeliver services that are essential for the well-being of the countryas a whole.Energy transmission and distribution networks (electric power,gas), telecommunications, transport management infrastructures(maritime, rail, air), the health care system and the financial sectorare becoming increasingly complex and interdependent. If theymalfunction, even for a limited period, it can have a negative

The scenario

impact on the economy, cause financial losses and, in certaincases, could put the security and safety of people and things atrisk. In the light of new business models, companies are beingforced to review their approach to managing risk and identifyingstrategies to reduce the vulnerability of critical infrastructure, withthe general focus moving away from defending IT assets, toprotecting services by upgrading analysis and monitoringcapabilities.

Security is even more critical for companies that process theircustomers’ sensitive data, because national and internationallaws make organisations and their managers legally responsiblefor security and privacy violations. Businesses therefore need toimplement security systems in response to regulations andlegislation.

SELEX Elsag experienceCyber crime represents a constantly changing threat thatrequires the support of security experts, permanent system andnetwork monitoring, and therefore significant investment in bothcompetences and resources.SELEX Elsag has more than 10 years’ experience working incyber security. Drawing on a dedicated organisation, aconsolidated approach and constant investment in resourcesand technology, the company provides public and privateorganisations with a comprehensive security strategy coveringorganisational, technological and compliance issues.

Our approach focuses on understanding the customer's specificneeds, main concerns and unique business drivers, with carefuladaptation of our solutions and processes accordingly.The customer retains total control over strategic decisions andbenefits from a personalized combination of services, deliveredto the highest standards of quality and expertise.Experience gained in various market sectors as Defence,Banking and Finance, Public Safety & Security, Telecom -munications, Emergency Services, Energy and Gas Productionand Distribution, Health Care, Transport, enables us to

understand both the business and security needs of criticalinfrastructures. This requires a profound understanding ofprocesses and operations, in order to provide companies withguarantees that their services will be delivered seamlessly tousers.Close collaboration with top security players, universities andresearch centres has enabled us to develop solutions thatcombine advanced technology with innovative calculationsystems to manage risk and prevent attacks: the CrossCorrelator, a system which correlates logical and physical events,

analysing not only the IT network but also the criticalinfrastructure, and tracking event occurrence trends; and theThreat Management System (TMS), a software package thatanalyses the information in an organisation and correlates itwith proprietary and open source vulnerability databases, inorder to determine the level of exposure of the informationsystem to existing threats.

Reference modelThe SELEX Elsag approach includes assessment of all cyberassets, risk analysis, network design review, and monitoring andmanagement of the entire security strategy to ensure theprotection of critical assets.

We offer expertise, tools, infrastructure and outsourcingsolutions through a team of highly qualified, certified specialistswho are kept constantly up-to-date. Services provided rangefrom the design, implementation and management of securecommunication networks, to the development of securitypolicies, through to service level monitoring, training andassistance.

Certifications• UNI EN ISO 9001:2008• Information Security: ISO/IEC 27001:2005• SOA: OS19 Category – VI grade• NOSC• Business Continuity – BS 25999-2• Safety – OHSAS 18001• LSR18.6E Certified Datacentre Infrastructure

(Lampertz Room) • Resilient Infrastructure with Disaster Recovery

Datacentre and UPS• ISO 27001 SOC and Datacentre certified perimeter

Security solutions A team of security experts designs and builds complete customsolutions to meet a company’s specific security requirements andimprove productivity. We offer turnkey solutions based on ananalysis of customer needs, comprising architecture and designspecification, implementation, and on-site integration. Servicesinclude the design of custom SOCs, secure collaboration solutions(Unified Communication and Messaging), informationmanagement with a particular focus on document classificationand protection, and secure web applications.

• Network and Application Design• Value Added Services• Data and User Protection• Data Loss and Leakage Prevention• Secure/Certified Mail• PKI and Digital Signature• Message and Document Protection• Document Secure Dematerialization

Managed security services The SELEX Elsag Security Operation Centre (SOC) provides aflexible and comprehensive set of management and monitoringservices that can be quickly tailored around any company’sspecific needs. Security services offer efficient, around-the-clockperimeter security with real-time monitoring, devicesmaintenance, event correlation, and analysis of the customer'sinfrastructure and critical applications for rapid response tosecurity threats.

• Firewall and IP VPN Management• Real Time Security Monitoring• Security Intelligence• Security Devices Maintenance• Ethical Hacking• CSIRT/CERT Services

Service portfolio

Enterprise fraud management A series of innovative services based on the integration oftechnology, policy and processes to enable proactive fraudprevention and remediation.

• Anti-phishing• Transaction Monitoring• Alert Management• Data Breach Response

Risk management and consultingProfessional IT security management services to helporganizations identify potential risks and evaluate them, and toprovide recommendations to mitigate the threats identified.The tools, techniques and methodologies adopted are tested inthe field and combined together to provide the best solution forthe company’s risk management requirements.

• ICT Risk Governance• Information Security Management Systems (ISO 27001)• Cobit Framework• Audit & Assessment• Compliance (D.Lgs. 196/2003, L. 262/05, D.Lgs. 231/01,

Sarbanes Oxley Act)• Basel II

Critical infrastructure protection A program for all industrial enterprises and sensitiveinfrastructures that need a complete security strategy able toaddress processes, people and technology. The SELEX Elsagapproach includes assessment of all cyber assets, risk analysis,network design review, monitoring and management of theentire security strategy to ensure the protection of critical assets.

• Cyber Asset Identification• Security Management• Personnel and Training• Perimeter Security• Physical Security• Systems Security Management• Incident Reporting & Response• Recovery Plans

Application security Evaluation of vulnerabilities in applications, taking account ofthe security posture of an application across the developmentlife cycle, enabling companies to identify, eliminate, and preventsecurity risks in their software.

• Web Application Security • Code Review• Application Security Testing• Social Networking Security

SELEX Elsag S.p.A.Sales Department – Point of Contact: getinfo@selexelsag.com – www.selexelsag.com© SELEX Elsag S.p.A. All Rights reserved. CODE: e-SEC-ED-114/V1/11/Z