Cyber Security, Information Security, conforming to the AVG, GDPR, audits… are terms that we regularly hear from our customers. But what exactly is Cyber Security? What does is consist of and how can our Cyber Security consultants help you to optimally protect your information systems, data and assets against digital attacks?
Quality considers Cyber Security to be a broad concept with different facets that are not just technologically driven. For us, Cyber Security consists of three related components that are directly related to your information security:
By taking measures at all levels, it is achieved that your organization, information, data and assets are optimally protected against digital attacks. Consultancy we offer includes:
In consultation with you, our consultants ensure that all requirements that are directly or indirectly related to your information security are recorded. They do this by working on a project basis, in which different phases are distinguished. During the requirements management phase (in project terms “the definition phase”) all stakeholders will be identified and questioned. In this way you can be sure that the project is supported by key players and that it produces a fixed set of requirements.
Information Security Policy
The degree of success in repelling digital attacks is primarily determined by your information security policy. Our consultants can review and assess your current information security policy for actuality and effectiveness in a world in which digital attacks are increasing and evolving at lightning speed. They can also draw up your information security policy, whereby various policy starting points, principles, governance and measures are established in consultation with your stakeholders to prevent digital attacks.
Based on your information security policy, our consultants can devise and design your information security landscape. In doing so, they take into account people (e.g. prevention of social engineering), processes (e.g. optimization of process security through data classification) and technology (e.g. technical implementations of policies through firewalls, IPS/IDS, ATP, proxies, et cetera). Our engineers can then assist you by building the technical measures within your organization, but also outside it. Think, for example, of your cloud infrastructure and cloud services.
Cloud Security deserves a separate status in our opinion. This is not so much related to another way of information security in relation to “People, Processes and Engineering”, but due to the growing importance of “the cloud” in general. With this, it stands out that in many organizations the information security policy does not sufficiently take into account the challenges that “the cloud” entails.
The Cloud infrastructure and cloud services in general have a shared responsibility regarding management. One part is the responsibility of the Cloud supplier and another part of the user (organization). This partly depends on the types of services that you as an organization purchased from “the cloud”. The use of “the cloud” presents new challenges and requires different knowledge and skills, also in the field of Cyber Security. Our consultants are happy to help you make safe use of “the cloud”.