Information security management

Information is one of an organization's key business assets, and protecting it is crucial for the organization's survival and development. The information an organization holds has real value and is often exposed to threats such as theft, destruction or falsification. With the development of the Internet, new threats have appeared: computer viruses, spyware, hacker attacks, theft of credit card numbers, identity theft and industrial espionage. They can lead to loss of competitiveness and reputation, and to potential financial losses. Incidents of information security breaches are reported more and more often. Information security is the protection of information from a wide range of threats in order to assure business continuity, minimize business risks and maximize profits. It is achieved by implementing an appropriate protection system that includes policy, processes, procedures, organizational structure, software functions and hardware. Security measures have to be established, implemented, monitored, checked and improved. Establishing and implementing an Information Security Management System (ISMS) should be a strategic decision of every organization.

An efficient implementation of ISMS should consist of:

  • clear definition of the purpose and scope of the System,

  • identification and appropriate assessment of threats,

  • selection of security controls and measures that are appropriate and relevant to the type of business and that protect the organization's key assets, not limited to technical or IT aspects but also addressing organizational and staff training issues, to raise employee awareness and ensure the completeness and efficiency of the whole System,

  • continuous monitoring and review of the System that takes into account changes in the organization, business processes, customer services, technology and the environment in which the organization operates, as well as changes in laws and regulations or in contracts with external entities.


Scope:

Information security

Information Security Management System implementation according to PN-ISO/IEC 27001:2013 standard requirements
In progress
Information Security Policy implementation
In progress
Personal Data Security Policy implementation
In progress
Information security incident management plan implementation
In progress
Implementation of methods for assessing an information security risk likelihood and magnitude
In progress
Information and personal data security risk analysis
In progress
Development / review of information security policies and procedures in order to adapt them to the requirements of the PN-ISO/IEC 27001:2013 standard or to legal and business requirements
In progress
Development and implementation of ISMS audit program
In progress
Fulfilment of Information Security Administrator duties (on an outsourcing or body leasing basis)
In progress
Audit of ISMS compliance with PN-ISO/IEC 27001:2013 standard requirements
In progress
Compliance audit with PCI DSS (Payment Card Industry Data Security Standard)
In progress
Audit of ISMS compliance with legal and regulatory requirements
In progress
Audit of the compliance of implemented technical and organizational information security and personal data solutions with the requirements of applicable Polish law
In progress
Risk audit in the area of information and personal data security
In progress

ICT security

Implementation of a Disaster Recovery Plan for ICT infrastructure
In progress
Implementation of technical and organizational solutions for ICT services continuity
In progress
Implementation of ICT services risk management programs
In progress
ICT infrastructure security vulnerability and risk assessment
In progress
Network Perimeter Security Testing
In progress
Security Testing of IT Infrastructure Elements and Services
In progress
Security Testing of Internal Network of an Organization (including Wi-Fi)
In progress
Voice-over-IP (VoIP) Infrastructure Security Testing
In progress
Web Applications Security Testing
In progress
Mobile and Embedded Applications Security Testing
In progress

We also invite you to review our training offer, aimed at people involved in developing, implementing and maintaining an ISMS and at employees of organizations who are users of information.