Information and Communication Security Guide Consultancy Service
The Information and Communication Security (BIG)Guide is a guide that includes Information and Communication Security measures that must be followed by public institutions and establisments that provide critical infrastructure services.
BIG Guide, within the scope of the Presidential Circular dated 06.07.2019 and numbered 2019/12, T.R. It was prepared under the coordination of the Presidency of the Presidency Digital Transformation Office (DDO) and approved on 24.07.2020.
It is obligatory to comply with the precautions given in the Guide in the existing and newly established information systems in all public institutions and organizations and enterprises providing critical infrastructure services.
It is expected that the existing information technology infrastructures will be gradually harmonized with these principles within the framework of the plan in the Guide, taking into account the security level priorities.
Achieving and maintaining the achievements targeted in the Information and Communication Security Guide is only possible with effective audit and surveillance activities.
In this direction, Information and Communication Security Audit Guide has been prepared by the Digital Transformation Office to guide institutions and organizations in conducting audit studies.
Public institutions and organizations and enterprises providing critical infrastructure services are expected to complete their compliance activities within the period specified in the Information and Communication Security Guide, and to carry out audit studies at least once a year in order to determine the compliance of the activities carried out and the measures taken.
The following steps are followed in the Information and Communication Security Guide Compliance Consultancy service:
- Classification of assets in the institution in accordance with the guidelines
- Appropriate subdivision of classified assets
- Determination of the criticality of classified and grouped assets
- Determining the relevant application and technology areas and tightening measures of all asset groups, and determining the guidance articles to which they are subject.
- Performing vulnerability analysis by examining the condition of meeting the requirements of the guidelines to which all asset groups are subject.
- Establishing a work plan regarding the ways and methods to be followed in order to ensure compliance with the guideline
- Identification of compensatory measures
- Planning and carrying out guide awareness activities
- Evaluation of the results of the penetration tests to be applied
- Evaluation of the results of the technical controls to be made or to be made during the works
- Providing planning support to corporate auditors in audits to control compliance with the guideline
- Implementation of audit plans
- Evaluation of audit findings
- Preparation and control of audit reports and related audit guide annexes