      Most security incidents originate inside the network. Data leaks can have significant financial and reputational impacts. We make sure your IT infrastructure is stable, secure, and ready for future challenges.
       

      Common Challenges Our Clients Have Faced – And We’ve Helped Solve

      Insufficient security measures / database configuration


      Non-compliance with regulatory requirements or standards

      Lack of systematic auditing and risk analysis


      Optimal database configuration, data recovery, and backup


      How we help

      Database security reviews / audits

      • Using the DiSec tool for automated evaluation of security settings

      Configuration checks based on CIS benchmarks

      • Systematic verification of compliance with international security standards

      Creation and revision of internal guidelines or control mechanisms

      • Setting up rules, policies, and control mechanisms in IT security

      Comprehensive management, optimization, and database development in cooperation with Digitec Solutions

      • Backup, performance tuning, migration, upgrades, and development services


      Assessment of compliance with regulations and standards

      • NIS2, DORA, GDPR, ISO 27001, COBIT, ITIL, etc.

      Risk analysis and proposal of measures in IT and security

      • Identifying vulnerabilities and proposing solutions

      IT process maturity assessment

      • Creating a maturity model and proposing solutions


      DiSec and DiMon Tools

      We use DiSec, an analytical tool, for IT system audits and application control audits. The tool’s output then serves as a basis for internal audits, regulatory checks (e.g., NIS2, GDPR) and the regular evaluation of database security levels. The outputs can also be useful when communicating with the Czech National Bank and NUKIB (National Cyber and Information Security Agency).


      Another tool, DiMon, is used for continuous, long-term monitoring of these settings, keeping an eye on database performance, availability, and operational parameters. Regular reporting allows for early problem detection and operational optimization.

      How we work

      We work in four stages, ensuring an effective and secure assessment of the database environment. Based on the results, we identify vulnerabilities and propose specific steps for improvement and regulatory compliance.

      • Phase A – Preparation of scripts for database settings analysis
      • Phase B – Client runs the scripts, providing input data for our analysis
      • Phase C – Result analysis in KPMG's secure environment
      • Phase D – Final report with recommendations

      The final report can be followed by a more extensive audit/review of the IT environment focusing on testing key IT areas (access rights, change management, incident management, physical and cyber security, data management within IT governance, etc.).
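      To make the four phases concrete, the following is an added example written for this page; it is not KPMG's DiSec code and does not reproduce its scripts. It assumes a hypothetical Phase B export in which the client saves Oracle initialization parameters as NAME=VALUE lines (for instance from `SELECT name, value FROM v$parameter`), and a Phase C evaluator that compares each parameter with a CIS-style expected value. The parameter names are real Oracle parameters; the expected values follow the CIS Oracle benchmark as the author of this example understands it, and the benchmark version actually in scope should be consulted before any value is treated as authoritative.

```python
"""Offline evaluation of exported Oracle parameters against CIS-style rules.

Added illustration (hypothetical, not DiSec): the client exports parameters
in Phase B; the reviewer evaluates the export in Phase C without any
connection to the client's database.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed sample of a Phase B export: NAME=VALUE lines as they might be
# saved from "SELECT name, value FROM v$parameter" (values are made up).
SAMPLE_EXPORT = """\
# exported parameters (constructed sample)
audit_sys_operations=FALSE
audit_trail=NONE
o7_dictionary_accessibility=FALSE
remote_os_authent=FALSE
remote_login_passwordfile=EXCLUSIVE
sec_max_failed_login_attempts=10
sql92_security=TRUE
remote_listener=
"""


@dataclass(frozen=True)
class Rule:
    parameter: str                 # Oracle initialization parameter (lower case)
    expected: str                  # human-readable expected setting
    check: Callable[[str], bool]   # returns True when the value is acceptable
    rationale: str                 # why the setting matters to a defender


def _int_at_most(limit: int) -> Callable[[str], bool]:
    """Build a check that accepts integer values not exceeding `limit`."""
    def check(value: str) -> bool:
        try:
            return int(value) <= limit
        except ValueError:
            return False          # non-numeric value cannot be trusted
    return check


# Expected values assumed from the CIS Oracle benchmark; verify against the
# benchmark version in scope before relying on them.
RULES: List[Rule] = [
    Rule("audit_sys_operations", "TRUE", lambda v: v.upper() == "TRUE",
         "actions taken with SYSDBA/SYSOPER privileges must be audited"),
    Rule("audit_trail", "not NONE", lambda v: v.upper() != "NONE",
         "auditing must be on so that activity can be reconstructed later"),
    Rule("o7_dictionary_accessibility", "FALSE", lambda v: v.upper() == "FALSE",
         "ANY-style system privileges must not reach SYS-owned objects"),
    Rule("remote_os_authent", "FALSE", lambda v: v.upper() == "FALSE",
         "the database must not trust a client-asserted OS identity"),
    Rule("remote_login_passwordfile", "NONE", lambda v: v.upper() == "NONE",
         "privileged remote logins via the password file should be disabled"),
    Rule("sec_max_failed_login_attempts", "<= 3", _int_at_most(3),
         "limits online password guessing against database accounts"),
    Rule("sql92_security", "TRUE", lambda v: v.upper() == "TRUE",
         "UPDATE/DELETE must require SELECT privilege on referenced columns"),
    Rule("remote_listener", "empty", lambda v: v == "",
         "the instance must not register with an external listener"),
]


def parse_export(text: str) -> Dict[str, str]:
    """Parse NAME=VALUE lines; blank lines and '#' comments are ignored."""
    params: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        params[name.strip().lower()] = value.strip()
    return params


def evaluate(params: Dict[str, str]) -> List[dict]:
    """Return one finding per rule: PASS, FAIL, or MISSING (not exported)."""
    findings = []
    for rule in RULES:
        actual = params.get(rule.parameter)
        if actual is None:
            status = "MISSING"    # treat as a finding: evidence is absent
        elif rule.check(actual):
            status = "PASS"
        else:
            status = "FAIL"
        findings.append({"parameter": rule.parameter, "status": status,
                         "actual": actual, "expected": rule.expected,
                         "rationale": rule.rationale})
    return findings


def non_passing(params: Dict[str, str]) -> List[str]:
    """Sorted parameter names whose status is not PASS (report input)."""
    return sorted(f["parameter"] for f in evaluate(params) if f["status"] != "PASS")


if __name__ == "__main__":
    for f in evaluate(parse_export(SAMPLE_EXPORT)):
        print(f"{f['status']:7} {f['parameter']:32} actual={f['actual']!r} "
              f"expected={f['expected']} ({f['rationale']})")
```

The evaluator deliberately reports a parameter that is absent from the export as MISSING rather than silently skipping it: in an offline review the absence of evidence is itself a finding that goes back to the client for clarification.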

      We cover the following technologies

      Oracle Database (versions 11g – 19c)
      More than 200 security checks according to CIS


      Linux (Red Hat, Oracle Linux)
      Over 650 checks in preparation for versions 7 to 9

      Microsoft SQL Server (versions 2008–2022)
      Nearly 50 checks according to CIS


      Windows Server
      Coverage of OS security settings drawn from the CIS benchmarks

      Standards and methodologies

      CIS benchmark
      Recommendations for security configuration of technologies (OS, databases, servers)

      ISO 27001, COBIT, ITIL
      Frameworks for management of information security and IT processes

      NIS2, DORA, GDPR
      Legislative requirements in the field of cybersecurity and data protection

      References

      Comprehensive audit of security settings according to CIS standards

      The client was aware of the risks associated with insufficient security of their Oracle databases and wanted to compare their settings against existing benchmarks and standards. Using the DiSec analytical tool, we performed a comprehensive audit of security settings in accordance with CIS standards. A detailed analysis identified the biggest weaknesses, helping us propose specific measures to increase security. After implementing the recommended solutions, the client’s data protection improved significantly, reducing the risk of potential attacks.

      Security configuration of Oracle and MS SQL databases

      The client wanted to regularly evaluate the security level of their Oracle and MS SQL databases for internal purposes and to use as a basis for regulatory checks (NIS2, etc.). In response to recurring security incidents threatening sensitive data, we audited IT processes, configured databases, and introduced effective detection and response mechanisms. The DiSec tool now provides the client with regular and timely alerts about unusual activities and settings in Oracle and MS SQL databases.


      Ondřej Krejčí

      Senior Manager, Advisory – Risk & Finance

      KPMG in the Czech Republic

      Štěpán Dolák

      Manager, Advisory – Risk & Finance

      KPMG in the Czech Republic