Secure your data with Information Security Management that complies with the Presidential Information Security Guidelines.
Create an inventory of your information assets in your organization and determine the criticality of the assets. Perform current status and gap analyses of these assets. Audit and improve the measures taken.
In our digitalised world, information security is of critical importance. Measures to be taken for the continuity of services and protection of personal and commercial information are vital for many organisations. For this reason, many organisations allocate significant budgets to take these measures. However, a structure that covers all of the measures taken piece by piece and evaluates the control mechanisms has not yet been fully established.
Despite a picture where everything seems to be in order, the risk of systems being unexpectedly blocked and becoming inoperable is a situation that should not be ignored. In addition, there are also very important factors such as legal obligations and loss of reputation in topics that need to be protected such as personal information.
Bilimp Information Security is a comprehensive software tool that offers a sustainable mechanism for all public and critical infrastructure enterprises that digitalises work and operations during the guideline compliance process and guideline audit process.
Guide Compliance Process
Automatically reveal the software and hardware assets of the organisation with Bilimp Time Optimisation and IT Inventory Software. Complete the inventory creation work that can take days within minutes.
Identification of Organisation Assets
In many organisations today, inventory records are not kept properly.
It is not clear which entity is where.
Inventories are not grouped and lists are not updated.
The current value of the inventories is not known.
Inventory status in warehouses does not coincide with the records and entry/exit movements are inconsistent.
Instant, detailed reporting cannot be made about how many assets are in which unit, their status and category.
Determination of Criticality Level of Asset Groups
Conduct a survey to determine the criticality of asset groups.
Determine the criticality of each asset group in terms of the dimension related to Data Processed (confidentiality, integrity and availability) and Impact (Dependent Assets, Number of People Affected, Organisational Consequences, Sectoral Impact and Societal Consequences).
Identify stakeholders by asset group and send the questionnaire to the relevant stakeholders.
Delphi method or arithmetic mean can be used to calculate the degree of criticality in the survey study. In the Delphi method, you can repeat the survey until a common decision is made, and you can send the survey requests directly to the relevant stakeholders through the system.
When the questionnaire is completed, the criticality rating of the relevant asset groups (Grade 1, Grade 2, Grade 3) is automatically calculated according to the score received.
Matching Asset Groups with "Safeguards" and "Tightening Measures"
Determine the applicability of the measures for each asset group according to the relevant areas.
Match asset groups with "Safeguards for Application and Technology Areas" and "Tightening Safeguards".
After determining to which areas the measures for asset groups will be applied, the list of 660 measures is automatically filtered and it is ensured that the transactions are carried out accurately and quickly.
Automatically generate the report to which fields the asset groups are applied.
Security measure status and gap analysis
Varlık gruplarına uygulanacak güvenlik ve sıkılaştırma tedbirlerini otomatik olarak listeleyin. Tedbirler, bir varlık grubunun "Uygulama ve Teknoloji" ve "Sıkılaştırma Tedbirleri" kapsamında uygulanabilirliğine göre otomatik olarak atanmaktadır.
Carry out analyses to determine the current situation for each asset group.
Determine the implementation and targeted status of the measures (Fully, Mostly, Partially, Never, Not applicable).
Establish compensating controls and targets in cases where the measure is not implemented in full.
Preparation of the road map
Plan the activities required to overcome the deficiencies identified as a result of the current situation and gap analysis.
Create any number of work packages.
Record the activities covered for each work package.
Itemise the objectives of each work package.
Organise work packages on a monthly basis.
Guidance Audit Process
According to the guide published by the Digital Transformation Office, audits are required at certain periods after the compliance process. The Bilimp Information Security Tool enables you to easily perform your definitions by providing ready-made interfaces for the topics specified in this guide.
Determination of the Audit Team:
Record information such as audit role, assignment type, certification/specialisation areas, etc. of the persons who will take part in the audit team.
Determine the personnel to be informed and the method of communication. Ensure uninterrupted communication with Bilimp's effective communication and sharing tools.
Automatically receive the "ANNEX - A: AUDIT TEAM INFORMATION" report to be sent to the Digital Transformation Office.
Making the audit programme
Determine the foreseen audit time for auditing the effectiveness of the Guidelines implementation processes (9 in total).
Determine the foreseen audit time for auditing the effectiveness of the measures applied to the asset groups (15 in total).
Plan the preparation of the necessary information and documents.
Determine the auditor information and the personnel to be informed.
Receive the Assessment of the Effectiveness of the Guidance Implementation Process and the Assessment of the Effectiveness of the Measures Applied to Asset Groups reports (Annex C: AUDIT PROGRAMME) easily.
Guide Implementation Process Evaluation of Effectiveness
Conduct an audit of the audit elements (9 in total) in the Guidance implementation process.
Record each audit element by entering the type of audit, effectiveness status and necessary explanations.
Easily obtain the Guidance Implementation Process Audit report (Annex-E: STATUS OF EFFECTIVENESS OF GUIDELINES IMPLEMENTATION PROCESS) requested by DDO.
Evaluation of Measure Effectiveness
Automatically filter a total of 1,200 audit questions according to the nature of the relevant asset group. Thus, do not encounter audit questions that are not related to the asset group.
Record each audit question with the options of interview, review, safety audit, etc. with the activity status and necessary explanations.
Add new audit questions if desired.
Easily obtain the measure effectiveness status report (Annex F: STATUS OF MEASURE EFFECTIVENESS) requested by DDO.
Findings and Evaluation Notes
Record the findings of non-conformities encountered during the audit with the standard coding on the basis of the audit element.
Record the elements identified in the audit work as a general evaluation.
Sample selection, reference study forms and the report of the evaluations (Annex D: Study Form) can be easily obtained.
Get the finding code, Audit Element and criticality level report (Annex G: Finding Table) easily.
Automatically inventory your hardware and software and track changes
It creates a sustainable mechanism, reduces the risk of error, and makes audits effective.
Automatically generates the reports requested by the Digital Transformation Office. Thus, it prevents the time consumption required to prepare reports.
It ensures that you comply with the procedures and principles in the Guide. It guides auditors in assessing the effectiveness of measures.
It enables change management to be done quickly and easily and increases process efficiency.
It eliminates manual processes that will lead to loss of work and time and digitalises all work and transactions on a process basis.
