ICT security must be an integral part of the exchange of information both between users using Information and Communication Technologies (ICT), but also among the technical components of each system.
We help our customers not only with possible technical solutions of protection, but also with organizational and procedural aspects of security.
Also, we can prepare customers for the introduction of the Information Security Management System – ISMS based on ISO standard ISO / IEC 27001 and ISO / IEC 27002.
The ISO 27001 standard specifies requirements for provision, implementation, monitoring and improvement of ISMS.
While ISO 27002 provides a detailed catalog of security measures. This is a summary of measures from which you can choose during building the ISMS.
We are also preparing customer for implementation of security based on the Act on cybersecurity 181/2014 Coll.
METHOD OF EXECUTION
Preliminary examination the state of ISMS, processing of risk analysis, design recommendations for action to achieve compliance with the relevant standards and legislative requirements, workshops, and comments on the draft, the final detailed documentation identifying next steps.
We also assist in the implementation of processes in the IT department.
DETAILS OF THE START EXAMINATION
- demarcation and scope of ISMS, a clear definition of what is excluded from the scope of the reasons for removal
- existing ISMS policy
- Search and risk assessment ISMS – checking the settings the current methodology
- Review concerning the information assets
- owners, guarantors
- determining the significance of individual information assets
- existing threats
- vulnerabilities that can be used by threats
- impacts in terms of availability, integrity and confidentiality
- the likelihood of security failure and its consequences ie. the impact activation
- level of risk and estimate whether they are acceptable, or necessary mitigation measures
- identifying and managing risks
- objectives and measures according to Annex A to ISO / IEC 27001: 2006
- residual risks and the existence of consent of the management of organization with residual risks
- the status of management of risks according to ISO / IEC 27001: 2006
- Statement of Applicability ISMS
- procedures for early detection of attempts breaches of security in the field of IT
- functionality and measurement of effectiveness of the measures
- periodicity of ISMS efficiency review
- review of risk assessments including residual risks regard to the identified threats, the effectiveness of the measures and changes in the organization
- regular implementation internal ISMS audits
- recording of security incidents
- security plans, continuity plan (BCM)
- the framework of IS security policy
- IS security policy
- activities of the security manager and security administrator
- Information security for users
- personnel security
- physical Security
- the security committee