České Radiokomunikace

Analysis of the state of cybersecurity

We will examine how your company is really doing in terms of cybersecurity

Prevention must constitute an integral part of defending and protecting against cyber attacks. We will determine how resilient your IT is and propose and plan your next security steps.

What this analysis will bring you

A clear idea of your actual situation
You will see the actual state of your information and cyber security.
Definition of the target situation
The definition is based on current legislative requirements and standards, including NIS2.
Investment plan
An effective plan of investments in ICT security in line with your current needs.
Help with subsidies
We can help you get European subsidies for the services you purchase.

What our clients say

PRO.MED.CS Praha a.s.

Roman Hošek
Corporate ICT Manager, PRO.MED.CS Praha a.s.

We have decided to cooperate with CRA based on our prior experience and extended cooperation. We particularly appreciate CRA’s expertise and excellent communication, which has proven itself especially in an analysis of our existing systems and the design of customised solutions for us. We have chosen CRA as a long-term partner to provide our internal and external IT with the potential to expand our cooperation further.

Services included in the analysis

  • Basic analysis
    The basic analysis of the state of cybersecurity includes:
    • Determining the actual state of information and cyber security from the ISMS perspective.
    • Examination of the quality of processes, safety tools, and documentation.
  • GAP analysis
    Analysis of the current state of cybersecurity.
  • Risk analysis
    Identification and quantification of assets, threats, and vulnerabilities and determination of the resulting risk level.
  • Vulnerability scanning
    External scanning for known vulnerabilities of assets that are accessible from the internet.
  • Penetration testing
    External security testing of the perimeter, Wi-Fi, web applications, and portals. Comprehensive simulation of an attack on network components by an external attacker.
  • Advanced validation of cybersecurity
    Advanced analysis of network traffic with a focus on malware:
    • Identification of the threats and attacks using artificial intelligence and machine learning tools.
    • Detection of known, unknown, and targeted attacks.
    • Verification using security principles and policies.
    • Evaluation of the performance of the network and applications.
    • Network visualisation.
    • Forensic analysis.
  • Simulated attacks
    • Simulation of a DDoS attack.
    • Simulation of a fraud campaign.
  • Shared CISO
    The service of a dedicated, outsourced information security manager who strategically manages and optimizes cybersecurity practices.
  • DORA
    Cybersecurity in the financial sector.

We hold the necessary certificates and security is our top priority

  • NBÚ certificate
    We hold a valid certificate from the National Security Authority for access to classified information.
  • Physical security
    Physical security at BT3 level according to the National Security Authority methodology.
  • Proven technologies
    We use and offer only proven technologies to ensure cyber security.
  • Active support
    We provide active support, 24 hours a day.
  • ANSI/TIA-942
    The technology is operated from an ANSI/TIA-942 certified DC TOWER data centre.
  • Common Criteria Certification for Information Technology (IT) Security (ISO/IEC 15408)
    Certification at CC EAL 4+ level.
  • ISO 9001
    Quality management systems.
  • ISO 14001
    Environmental management systems.
  • ISO 19011
    Standard for the certification of internal auditors.
  • ISO/IEC 20000-1
    Information technology – Service management system requirements.
  • ISO/IEC 27001
    Information security management systems.
  • ISO/IEC 27017
    Information technology – Security techniques – A set of guidelines for cloud environment security and for minimising the potential risk of security incidents.
  • ISO/IEC 27018
    Information technology – Security techniques – A set of procedures for the protection of Personally Identifiable Information (PII) in public clouds acting as PII processors.
  • SOC 2 Type 1 and Type 2
    SOC 2 Type 1 and Type 2 certifications, issued in accordance with American Institute of Certified Public Accountants (AICPA) standards and requirements, cover information management and security in organisations.
  • ISO 50001
    Energy management systems.
  • PCI DSS
    Compliance with the requirements of PCI DSS for data centre operators.
  • NBÚ
    Certificate for access to classified information up to the classification level ‘CONFIDENTIAL’.
  • GDPR compliance
    The infrastructure is fully compliant with GDPR requirements.

More detailed information

  1. Basic cybersecurity analysis
    A basic service used to determine the actual state of information and cybersecurity from an ISMS perspective in order to determine the quality of processes, security tools, and management documentation.

    The service is based on the criteria of the CIS v8 methodology. It is delivered as a short interview in which a questionnaire covering each of the areas concerned is completed.
  2. GAP analysis
    This is an analysis of the current state of cybersecurity. The investigation consists of analysing internal documents (guidelines), tools, and processes, and analysing and processing of data from questionnaires and guided online interviews with the company’s employees and IT specialists.

    A GAP analysis is performed on the basis of the CIS v8 standards, the ISO 27001 and NIST standards, and the requirements of ZoKB or NIS 2.0, GDPR, and TISAX. The product is a final report that presents the findings from four perspectives; describing these four perspectives is the main objective of the analysis.
  3. Risk analysis
    This is an analysis of the security of information assets in relation to the current state of cyber security. The investigation consists of analysing internal documents (guidelines), tools, and processes, and analysing and processing data from questionnaires and guided online interviews with the company’s employees and IT specialists.

    The product is a comprehensive risk analysis report including BIA (Business Impact Analysis) and mapping of the degree of compliance with ISO/IEC 27001 requirements, taking into account ISO/IEC 27002 and 27005 in the form of an SOA, i.e., an analysis of the applicability of the requirements in the entity’s environment or in the environment of the supply chain.
  4. Vulnerability Scanning
    The CRA Vulnerability Scanning service comprises external scanning for known vulnerabilities, i.e., scanning of subscriber assets that are accessible from the internet.

    The scanning scenarios in this service include a choice of assets, scan types, scanning intervals, and other information relevant to their execution. The scope of the scanning is defined upfront, during the preparation of the scanning scenarios. The list of known vulnerabilities tested for is updated regularly. We use our proprietary tool – Nessus – to scan for vulnerabilities.
  5. Penetration testing
    1. Perimeter
      An external perimeter security test involving a comprehensive simulation of an attack on network components by an external attacker. The goal is to determine how easily the network component infrastructure being tested can be identified as a target, and what information that could subsequently be exploited to gain unauthorised access can be obtained from the outside.
    2. Wi-Fi
      An internal security test of Wi-Fi technologies involving a comprehensive simulation of an attack on them by an external attacker. The goal is to determine how easily the Wi-Fi infrastructure being tested can be identified as a target, and what information that could subsequently be exploited to gain unauthorised access can be obtained from the outside.
    3. Web applications and portals
      An external or internal security test of a web application involving a comprehensive simulation of an attack by an external or internal attacker. The goal is to determine how easily the web application being tested can be identified as a target, and what information that could subsequently be exploited to gain unauthorised access can be obtained from the outside or from inside.
  6. Advanced traffic analysis with a focus on malware
    This analysis uses artificial intelligence and machine learning to identify cyber threats and attacks that other technologies cannot detect. The goal of the analysis is to verify the state of an organisation’s IT infrastructure through network traffic auditing and to recommend measures for improving security.

    This includes detection of unknown and targeted attacks and threats, detection of known attacks and threats, verification of compliance with security principles and policies, network and application performance testing, network visualisation, and forensic analysis.

  1. A European directive aimed at improving the security of networks and information systems in the EU.
  2. It applies to critical infrastructure providers (e.g., energy, transport or financial services), providers of digital services (e.g., cloud services or e-commerce platforms), and to government administration and local authorities that manage data pertaining to citizens.
  3. It obliges companies to identify and assess the risks involved in their communication systems, data networks, and information systems. They must implement appropriate risk mitigation measures.
  4. It obliges companies to ensure that their networks and information systems are able to quickly respond to and recover from an attack or another cyber threat.
  5. It requires companies to report any cyber incidents that could compromise the functionality of their networks or information systems. They must be able to document and evaluate each incident.
  6. It requires EU member states to set up a national entity (such as the NÚKIB) to monitor companies and organisations and work with them on risk minimisation.
  7. It requires EU member states to actively monitor the implementation of and compliance with the NIS2 Directive.
  8. It introduces obligations for entities related to incident management, including reporting, implementation of incident management tools, and business continuity management.
  9. It requires entities to conduct security audits and to continuously monitor the status of their information system and communication technologies.
  10. It sets out obligations regarding information security and defines penalties for non-compliance (CZK 10,000,000 or 2% of a company’s total worldwide annual turnover).

Others are also interested

Data centres
With your servers and other IT equipment placed in a data centre, you retain full control of your equipment while securing space to run it with a high degree of availability.
Cloud
A modern and secure corporate IT infrastructure solution that allows you to use unlimited amounts of computing power while ensuring a high level of availability. All this without you having to invest in your own hardware.
Telco and infrastructure
Connectivity from CRA offers high quality connection of sites to the internet, with uninterrupted availability. This ensures that services, information, and multimedia content reach your clients in a reliable and timely manner.
IoT - Internet of Things
Connect your devices, sensors, meters, and other elements directly from the field to your application or system using our LoRaWAN infrastructure. CRA’s IoT Cloud is an ideal and universal platform for an integrated IoT multi network with huge synergy potential.
Streaming and OTT services
Digital TV and multimedia services are not just about content. For example, processing a video and delivering it to the recipient in a way that meets contemporary requirements is quite challenging. České Radiokomunikace’s streaming and OTT services – Media Cloud and HbbTV – offer very cost-effective solutions for multimedia services based on a unique cloud infrastructure.