ISMS Consultancy (ISO27001:2013)
ISO/IEC 27001 is the only globally auditable and certifiable standard that defines the requirements for an Information Security Management System (ISMS). It is suitable for all organizations, large and small, regardless of country or sector. One of our areas of expertise is building management systems on a business-risk approach in order to establish, implement, monitor, operate, maintain and develop the Information Security Management System.
ISO27001 Internal & External Audit Services
With our audit service, we report on the current situation and give an idea of the improvements that can be made, for companies that hold ISO27001 certification or believe they are ready to receive it.
PCI-DSS Compliance Consultancy
The PCI Data Security Standard (PCI DSS) is a standard that the council established by credit card companies such as VISA, Mastercard, Discover, American Express and JCB expects all member businesses and financial institutions that process credit card transactions to follow. The standard defines many requirements for member businesses to protect cardholder information. As of 2010, banks in Turkey also expect and demand that member merchants carry out their operations in accordance with this standard. Our PCIP-certified Nabu Teknoloji consultants support your institution in completing its preparations and in carrying out self-evaluations based on the Self-Assessment Questionnaire (SAQ).
Vulnerability Analysis & Penetration / APT Tests
Vulnerability Analysis, or Vulnerability Assessment, is an in-depth analysis of the weaknesses in an institution's structures and their ranking in order of importance. The aim is to detect and fix, or at least minimize, vulnerabilities that could harm the flow of processes before an attack takes place.
Penetration Test:
* Determining which data and/or systems the building can access
* Determining which data and/or internal systems the building can access
To determine these, systems are deliberately attacked using previously identified vulnerabilities.
Information Security Awareness Services
Chief among the risks that threaten information security is employees' lack of security awareness. Regular training is one of the most important means of raising employees' awareness level. As an additional option in our service, tests can be carried out to assess and report on your institution's level of awareness.
SOC / SOME Services
The most basic purpose of this service is to guide organizations in establishing a Cyber Incident Response Team (SOME) within their own organization, in taking the necessary measures under the control of the National Cyber Incident Response Center (USOM) to ensure national cyber security, and in meeting these requirements.