POS Software , POS Hardware , varying Scales .
Thermal printers , price checkers, Scanners , solutions

V-TECH LTD

Security, POS specialist.

There are many ways to goal, We create the Optimal green one

VTECH Security Mehari Methodology

There are many ways to goal, We create the Optimal green one.

Mehari first objective is to provide a risk assessment and management method, specifically in the domain of information security, compliant to ISO/IEC 27005:2008 requirements and providing the set of tools and elements required for its implementation.

Mehari :

provides a risk management model, modular components and processes
includes an asset classification - discovers vulnerabilities through audit
analyzes a list of risk situations and provides seriousness levels for each
bases its analysis on formulas and parameters
allows an optimal selection of corrective actions
gives additional compliance measures to ISO 27002 (17799-2005)

International standard

Links to ISO 2700x are provided and documented

Official web site : http://www.clusif.asso.fr

Availability: Free (Open Source)

Target organizations:

• Government, agencies
• Large companies
• SME
• Commercial CIEs
• Non commercial CIEs

Used in EU member states :

France – UK – Austria – Belgium – Germany – Poland – Italia - Romania - etc

Used in non-EU member states :

Canada – Switzerland - Morocco – Lebanon – etc.
MEHARI 2007 downloaded from more than 70 countries world wide

Target kind of users

• Management
• Operational
• Technical

Skills needed

• To introduce : Standard
• To use : Standard
• To maintain : Standard

Regulatory compliance

•Applicable to operational risk reduction such as Basel II, SOX, etc.

Compliance to IT standards

• Provides ISO 27002 compliance measurement for the organization, applicable for ISO 27001 ISMS process and certification
• ISO/IEC 13335

Availability : Free download with optional identification

Maturity level of the Information system

The product gives a means of measurement for the maturity of the information system security It is possible to measure the I.S.S. maturity level : Maturity indicators (e.g. recovery plans, access controls, maintenance, incident management, etc.)

Tools supporting the method:

• Non commercial tools: macros and commands: Excel, Open Office
• Commercial tools: RISICARE from BUC SA

Tools can be integrated with other tools : data bases (e.g. SQL)

Security audit tips
If a security auditor isn't in the budget, these 10 IT security audit tips will go a long way in empowering you to protect your business.

Security Audit for Dummies
There is no formal definition for a security audit; and there is no legal requirement for a specified function called a security audit. Nevertheless, you need to do it; and the bigger you are, the more likely it is that there is effectively if not quite explicitly a legal requirement to do it.

PKI
PKI (public key infrastructure) enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority .

WebTrust
Trust Services helps differentiate entities from their competitors by demonstrating to stakeholders that the entities are attuned to the risks posed by their environment and equipped with the controls that address those risks.