Implementing and maintaining a cybersecurity management system is crucial for the proper protection of IT systems within an organization. We offer a comprehensive service comprising an analysis of cybersecurity needs, the definition and implementation of the necessary processes, training, periodic auditing and overall monitoring of the management system. A sustainable cybersecurity management system takes into consideration regulatory requirements, the results of a risk assessment and the needs of any party directly or indirectly affected by security controls.
Cybersecurity management audits
The audit assesses cybersecurity management processes and identifies areas that need improvement. Through risk assessment we determine the priorities of corrective actions, considering specific business needs, including those resulting from other IT projects. Audit recommendations always take into account the requirements of the affected business domains. The audits are based on best practices documented in professional standards appropriate to the agreed scope of the assignment. The scope of the audit may also include conformity with an indicated standard (e.g. ISO/IEC 27001), which in particular makes it possible to verify the organization's readiness to undergo the certification process.
We accompany our customers in internal cybersecurity audits, backing them up with the necessary knowledge and competence. The support is intended first of all for organizations that are obliged to conduct periodic internal audits, e.g. by corporate governance rules, regulators or legislation, but lack the staff to do so.
Social engineering tests
The security of IT systems depends to a great extent on user awareness and compliance with internal rules and regulations. A vast number of notorious cyberattacks would have failed if not for the human factor. Carelessness, forgetfulness, routine, haste, excessive trust and ignorance of the techniques used by cybercriminals are the most common human errors, resulting in losses of millions. Our consultants test the level of employees' vigilance and the effectiveness of training and awareness campaigns. The tests simulate activities aimed at obtaining information, logging in to users' accounts, infecting systems with malware or stealing media. Testing is conducted securely and does not pose any risk of IT system malfunction, data damage or data loss. Social engineering tests are recommended in particular as part of an awareness program on cyberthreats and secure information processing.
Cybersecurity management system
The idea of implementing cybersecurity management rules may arise from legal and regulatory demands (e.g. for the financial sector or critical infrastructure) or from industry-specific practices. The implementation may be driven by shareholders, corporate policy, customer demand or the wish to improve market position by obtaining certificates that distinguish the company from its competitors. The reason can also be the most obvious one: to keep risk at an acceptable level.
Whatever the rationale, we are ready to support you in implementing a cybersecurity management system. We help to optimize existing systems and adapt them to changing needs and demands. The processes defined during the project are tuned to fit the real requirements of the organization. The system may comply with standards for information security management (ISO/IEC 27001), information technology service management (ISO/IEC 20000) or business continuity management (ISO 22301), or may be based on an integrated set of standards. A bespoke design combining selected elements of different standards, including corporate requirements, and tailored to the client's needs is also possible.
We analyze and verify the completeness and correctness of existing management systems, both those already in operation and those under development. We evaluate how well they fit the present and future needs of the organization. As a result of the analysis we present recommended corrections and improvements.