Information security services

With SmartSet, information security is a prominent field of activity. With the help of applications that we developed, and advisory services by qualified specialists, we contribute to a higher level of information security for our clients.

The role of information in the economy is growing continuously. In many cases, the data held by a company is worth more than its other assets. Losing it, or having it fall into unauthorized hands, would not only cause direct financial damage, but would also endanger the good reputation and image of the company.

In order to ensure better security, the first step is to evaluate the current status. SmartSet offers help with just that through an information security assessment, during which we perform a simplified audit aimed at exploring the client's IT environment from a security viewpoint, in order to suggest solutions for the identified deficiencies.

Our colleagues apply COBIT methodology to determine whether IT systems satisfy common practice, the requirements of a corporation, or prevailing legislative regulations.

  • As a first step, we define the scope of the audit together with the client.
  • After defining the scope, we execute the survey in the affected areas based on the related COBIT question list.
  • After gathering enough information, we continue by exploring threat factors, vulnerabilities and deficiencies in IT operations, so as to evaluate their risk.
  • During the evaluation, we regard legislative regulations, as well as national and international "best practice" control solutions, as the expected security level.
  • When the evaluation is complete, we give proposals for the design of an adequate IT security system and for the elimination of deficiencies.

SmartSet can also provide the following in exchange for a monthly fee:

  • Implementation of a security classification by CISA experts.
  • Review of the current status and preparation of an action plan to attain the expected level.
  • Within the scope of a commission contract, we can perform the tasks of the person responsible for the security of electronic information systems, which are stated in the law governing information security.
  • Participation in the revision and elaboration of information security policy, strategy, regulations, and acquisition and development procedures.
  • Engagement in security awareness education and in the training of the involved personnel, for a higher level of security awareness.
  • Preparation of risk analysis, along with regular and priority security analyses and evaluations.
  • Development of solutions for logical and physical security, in proportion with the risks. In such cases, we use devices that we develop, and solutions recommended by our partners.

In case you want to take the information security status of your company to the next level, we recommend our information security advisory service.

If the need arises, due to legal or supplier requirements or other considerations, we are willing to undertake the preparation of the organization for ISO 27001 qualification.

We can be of help regarding special threats, safety and audit adequacy via the following solutions.

IT security regulation control regarding organizations

By involving our experts, we evaluate regulatory systems, explore possible deficiencies, and make recommendations for corrective measures, all within the frame of an internal audit, thus increasing the chances of a successful external audit.

Audit support

Our innovative permission exploration and digital footprint analysis solutions enable us to build an online audit system that provides a snapshot of the compliance of the examined environment at any given moment. The process runs in the form of reports defined in advance, so during the examination the list of evidence the auditors need can be produced with a single click.

ISO 27001 training

Information and data are often a significant and defining value in the operation of a company. They require just as serious protection as any other asset, if not more. The first and most important step in protection is regulation and control. The ISO 27000 family of standards covers the operation, management and inspection of a company from an information security perspective. ISO 27001 is a widely accepted and applied international standard for information security management systems (ISMS). The introduction of this standard provides a base for building adequate information security protection. The standard is designed to ease integration with other management standards such as ISO 9001 and ISO 14001, which allows organizations to develop largely integrated management systems.

The advantages of certification:

  • The attainment of a higher level of security by proper risk management
  • It increases customer trust, allowing for new business opportunities
  • It ensures the continuity of business
  • It enhances compliance with laws

SmartSet employs specialists and professional partners, who have CISA and ISO 27001 internal auditor qualifications to advise your organization during a qualification audit. Via our business partnerships, we are also ready to undertake the creation of complex control systems with the inclusion of other standards (like ISO 9001, ISO 14001 etc.). Furthermore, we can also recommend an independent, accredited auditor company that can issue an official qualification.

If an Information Security Management System (ISMS) has already been introduced at the company, we can examine the existing regulations and their implementation. With regard to standard compliance, the steps are the following:


  • Revision of existing documentations,
  • Checking of affected processes and activities,
  • Proposal of corrective measures for discovered deficiencies and shortcomings.

After the implementation of the recommended corrective steps, the company will be ready to undergo a qualification audit with far better chances. This may be done by an independent, accredited auditor company.

Where an Information Security Management System (ISMS) has not yet been introduced, we have to establish the necessary regulatory processes, document them, introduce them to the staff and train them, operate the system for at least three months, and then have an accredited company perform a qualification audit to acquire the qualification. The steps of this process are as follows:


  • Assessment of the current status (processes, existing documentation)
  • Based on the initial assessment, optimization of the affected processes, activities and documentation, and preparation of proposals for their execution.
  • Correction of documents and the creation of missing ones. Typically, the following documents are necessary:
    - Security policy
    - Risk management and analysis
    - Statement of Applicability
    - Inventory of assets (revised in accordance with the standard)
    - IT Security Policy
    - Physical security plan / instructions
    - Disaster recovery plan
    - Business continuity plan
    - ISMS handbook - audit plan
    - Human resources procedures and regulations
  • Introduction of ISO 27001. Education of the organization to use and operate the standard.
  • Preliminary audit (further corrective measures if the results so require)
  • Three months of verified operation, followed by a qualification audit.
  • The introduced management system has to be continuously operated, maintained and periodically audited.

In case you do not need an ISO 27001 qualification, but want to take your company’s information security status to the next level, we suggest that you request our information security advisory service.

If you are an appointed local government leader, we recommend our local government information security service.

IT security

  • CISA – Certified Information Systems Auditor
  • ISO 27001 internal auditor
Copyright © SmartSet International Ltd. 2019. All Rights Reserved.