CSIRT Services

Providing Services and Technology Solutions for the security of Information Systems since 1993

Service Centers
Our Service Centers are equipped with all the necessary hardware, software and communication resources to provide a multi-technology solution that meets the highly diverse needs of GMV’s clients in each particular case. They run on a high-availability model with redundancy mechanisms, both local and geographical, according to GMV’s business continuity management system, certified by BSI under BS 25999.

The service centers work on a 24/7 basis. Management and operational procedures are based on GMV’s IT services management system, certified by AENOR under ISO 20000.

The security of the service centers is organized around a set of physical, technical and administrative controls that ensure confidentiality, integrity and availability of the managed information, both of GMV itself and of its clients. These security controls and their management are integrated with GMV’s information security management system, certified by AENOR under ISO 27001.

The services provided include:

Monitoring
The platform-, control- and service-monitoring arrangements check the availability and security of infrastructure and services, pinpointing any elements operating in an aberrant way or close to their capacity limit while detecting any malicious activity, bottlenecks or potential security incidents. A fundamental part of these services is the centralisation and management of security events/logs.

Digital Surveillance: atalaya
atalaya is GMV’s digital surveillance service to find out how its clients’ information is being published through the various outlets (social networking sites, blogs, search engines, etc) or identify those actions that might pose a threat or impair the company’s image. This service provides preventive control against fraud, information leaks, hacktivism and protests or attacks against the organization itself or any of its key personnel.

Vulnerability Management: gestvul®
gestvul® is GMV’s vulnerability management service to analyze and manage its clients’ information system security. To do so it carries out a series of automated checks to monitor all phases of a security audit, generating reports and analyzing vulnerability-correction progress, improvements in the exposure indices, etc.

Incident Management
The aim of the incident management service is to give any organization the operational capacity for detecting, analyzing and solving any security incidents. To do so GMV draws on all the requisite methodologies, procedures and turns to engineers with the necessary skills in the various security technologies. The resulting service provides 24/7 support for both applications and infrastructure. It is rounded out by continuous system patching and fortification services as well as rapid intervention services for critical systems.

Evidence Management
Evidence management really comes into its own when an investigation sets out not only to identify the causes and impact of an event but also to take legal action if any illegal behaviour comes to light. It would then be necessary, at each moment of the process, to present compiled evidence in court; the more trustworthy this evidence is, the more likely it is to be accepted by the judge. In GMV we implement Spanish good practices as drawn up by Aenor’s subcommittee SC-27; this greatly increases the chances of the evidence being admitted by the presiding judge.

GMV SOLUTIONS

DOCUMENTATION

REFERENCES

Some of GMV’s cybersecurity clients