Information and cyber security

Information security and cyber security are closely related, even though they have different objectives. Information security addresses the confidentiality, integrity and availability of information, together with the availability, reliability and trustworthiness of ICT services. Cyber security relates to the whole of cyberspace and is primarily concerned with protecting the lives, health and property of people and organisations, entire societies and nations.

Information Security Management System based on ISO/IEC 27001

Information and cyber security can be ensured using an Information Security Management System (ISMS) based on ISO/IEC 27001. ISO/IEC 27001 defines the requirements for organisations that wish to establish, implement, maintain and continually improve an ISMS. It creates an environment that resists the risk of loss, damage or other compromise of information and systems. It serves as a guide to continually reviewing the level of information and systems security, which contributes to the reliability and value of the organisation’s services.

Benefits of ISMS for the organisation

  • Increased credibility and competitiveness of the organisation
  • Increased organisational resilience and reduced occurrence and consequences of incidents
  • Efficient management of the organisation and higher return on investment
  • Protection of critical information assets and reduction of business risks
  • Compliance with legal, regulatory, contractual and other societal needs and expectations

Subject of our expert services

1 | Analysis of the existing system and ISMS project planning

  • Analysis of the context of the organisation and gap analysis of the current state
  • Development of an ISMS project plan

2 | Establishment and implementation of the ISMS

  • Identification and description of the boundaries and scope of the ISMS
  • Definition of the organisational structure, roles and responsibilities of individuals and relevant committees
  • Design of the information security policy
  • Setting up and documenting ISMS processes

3 | Information security risk management and controls management

  • Selection and documentation of the risk management methodology
  • Identification, analysis and evaluation of risks
  • Selection of risk treatment options and controls
  • Preparation of the Statement of Applicability (SOA)
  • Management of risk treatment plans

4 | Documentation of topic-specific policies and procedures

  • ISMS documentation structure design and management
  • Design and documentation of topic-specific policies and procedures
  • Support for the implementation of specific measures
  • Design and delivery of training and awareness-raising activities

5 | Security testing and vulnerability management

  • Web application security testing
  • Infrastructure security testing
  • Social engineering practices testing
  • Vulnerability management

6 | Internal audit, supplier audit and certification audit support

  • Drafting and documentation of the ISMS internal audit charter
  • Drafting of the ISMS audit programme and planning of audit activities
  • Performance of internal audits and supplier audits
  • Support for follow-up activities and actions after the audit
  • Preparation for and support during the certification audit

Advanced GRC applications

The difficulty of executing ISMS processes increases with the size of the organisation and the maturity of the ISMS and security controls. For complex organisations with complex management systems, we recommend using advanced modular tools.

More information can be found in the Applications section.

Quality of our services

During the provision of consulting services, we apply the quality standards for consultancy services based on ISO 20700, for information security based on ISO/IEC 27001 and for project management based on ISO 21502.

Competences of our consultants:

  • Certified ISO/IEC 27001 Lead Implementer *
  • Certified ISO/IEC 27005 Lead Risk Manager *
  • Certified ISO/IEC 27002 Lead Manager

When conducting an internal audit (first-party audit) or second-party audit, the best practice of auditing management systems, as defined in ISO 19011, ISO/IEC 27007 and other relevant standards, is applied.

Competences of our auditors:

  • Certified ISO/IEC 27001 Lead Auditor *

* NOTE: ISO/IEC 17024 accredited or relevant ISACA certification.
