Our services focus primarily on security processes and technologies. They range from initial independent consultations to ensuring certification or an output audit.
Our company provides consultations on individual areas of information / cyber security and GDPR, or we can handle the entire implementation process according to the ISO 27001 ISMS standard, the Cyber Security Act, or the requirements of GDPR.
As part of the implementation, all elements that enter into information / cyber security are identified, a risk analysis and a risk management plan are prepared, security guidelines are drawn up to the extent specified below, internal audits are performed, mandatory records are produced (SOA, management review, risk analysis report, …), etc.
Our goal is that our work results not only in the organization successfully passing a certification audit or cyber security audit, but also in its ability to continue managing information / cyber security risks without serious impact.
In short:
- People are trained and know what to do
- Measures are implemented, monitored, controlled and work effectively
- Technologies work according to set requirements and are regularly maintained
- SLAs and NDAs match your needs
- Compliance with legislation is ensured
And if anything comes up, we know what needs to be done!
In the field of information / cyber security, we focus on the following process areas:
Organizational security
- Identification of security roles and competencies
- Creation and implementation of organizational processes (management review, SOA,…)
- Integration of security into the organization’s environment
- …
Information asset management
- Identification of primary and supporting assets and their guarantors
- Identification of links between primary and supporting assets
- Asset evaluation (Confidentiality, Integrity, Availability)
- Handling and labeling of information assets
- Disposal of information assets
- …
Risk management
- Defining an acceptable level of risk
- Determination of methodology and implementation of Business Impact Analysis (BIA)
- Determination of methodology and implementation of Risk Analysis
- Design and elaboration of risk management plans
- Elaboration of risk scenarios and definition of context
- Identification of security measures
- Identification and assessment of security threats and vulnerabilities
- Impact Assessment (GDPR)
- …
IT security
- Network security
- PC and laptop security
- Server and database security (CMDB)
- Development and testing security
- Mobile device security
- Encryption and data transmission
- Access control and identity management
- Backup
- Logging
- Monitoring and evaluation
- …
Physical security
- Physical security perimeter
- Security zones
- Measures and procedures
- Implementation of physical security
- …
Personnel security
- Staff selection requirements
- Personnel selection procedure
- Security before signing the contract
- Security during employment
- Termination of employment
- Security of external employees and entities
Incident management
- Determining incident categories
- Determining the right responsibilities of individual roles in the incident management process
- Determining the incident management process (notification, response, action,…)
- Methods of reporting incidents in accordance with legislation (GDPR, Cyber Act)
- Evaluation and verification of the effectiveness of corrective actions
- …
Continuity Management – BCM
- Identification of critical assets and critical processes
- IT recovery plan
- Inspections and testing
- …
Supplier Management (SLA Optimization and Efficiency)
- Identification of significant suppliers
- Reviewing the SLA with respect to the company’s requirements and needs
- Synchronizing the SLA with the IT recovery plan
- …
Compliance
- Ensuring compliance with legislation
- Ensuring compliance with the relevant standard
- …