We determine the outline and applicability of the requirements
We record systems, data, classes, owners, integrations, current documents and technical limitations.
Result: boundaries and survey map.Who is it suitable for?
CISO and information security service
We need a licensed practice that understands the requirements of FSTEC and actual operation.
Public sector and regulated companies
There are ISPD, GIS, CII, personal data, integrations and document requirements.
CIO and infrastructure
It is necessary to combine information security requirements with networks, servers, DevOps, ERP and application systems.
Head of Procurement
It is necessary to correctly formulate the scope of work, artifacts, acceptance criteria and procurement documentation.
Pain and management risk
An information security project often fails when requirements are described separately from the actual infrastructure, users, data and operations.
| Pain | What happens without preparation |
|---|---|
| There are no clear system boundaries | It is impossible to provably determine the composition of assets, data, owners and protection measures. |
| Documents are not related to implementation | The threat model and set of documents exist separately from networks, servers, information security and processes. |
| Purchasing information security does not solve the risk | Products are purchased without a proven architecture, compatibility and operational model. |
| Checking becomes stressful | The team is not ready to explain what measures have been taken, where the evidence is and who is responsible for the operation. |
What does RESTART do?
Preparing a threat model and requirements
We analyze threats, current violators, channels, vulnerabilities and protection measures.
Result: threat model and list of measures.We design HLD/LLD and SZI
We select architecture, segmentation, access rights, logs, information security/cryptographic information security and operational processes.
Result: design solutions.We support implementation and acceptance
We help implement measures, prepare documents, check settings and collect evidence.
Result: roadmap and acceptance package.Artifacts at the output
Asset and Data Map
Systems, owners, data types, integrations, areas of responsibility.
Threat model
Current threats, violators, scenarios and applicable protection measures.
HLD/LLD
Architectural and detailed design solutions for information security.
Implementation roadmap
Priorities, quick actions, procurement, implementation, documents and operation.
First stage deadline
For CII/Federal Law No. 152-FZ, a reasonable start is diagnostics within 10-15 working days. It provides a manageable picture of the current state and a plan of action without prematurely purchasing unnecessary protective equipment.
Team composition
| Role | Area of responsibility |
|---|---|
| Information Security Architect | Requirements, threat model, protection measures, HLD/LLD. |
| Information security implementation engineer | Compatibility, settings, pilot, production operations. |
| System Analyst | Outlines, processes, documents, owners, acceptance artifacts. |
| Project manager | Work plan, risks, communications, control of deadlines and artifacts. |
Standard plan
1
Survey
Systems, data, networks, roles, documents, integrations and operations.
2
Classification and threats
Applicability of Federal Law No. 152-FZ, CII, GIS, threat model and list of measures.
3
Architecture
HLD/LLD, information security, access, segmentation, logs, maintenance processes.
4
Road map
Priorities, procurement, implementation, documents, milestones and acceptance.
Relevant cases and experience
Public cases do not reveal confidential details of customers, but show RESTART’s experience in related enterprise landscapes.
Frequently asked questions
Does RESTART have a FSTEC license?
Yes, information about licenses and statuses is published on the website in the “Licenses and statuses” section.
Is it possible to start with diagnostics only?
Yes. This is the safest format: first understand the outline, risks and applicable requirements, then plan the implementation.
Are you implementing information security or just preparing documents?
RESTART closes the full cycle: inspection, design, selection of solutions, implementation, documents and operation support.
Application form
Fill out a short application or send an email to info@restart.re. For the first conversation, it is enough to describe the outline, the role of the organization, current systems, limitations and the desired outcome.
Let's discuss your environment
Describe the task, current systems, constraints, and expected results. We will offer a practical first step: diagnostics, pilot, audit, roadmap or project team.
