Audits and consulting

Regardless of whether you are just starting out with cybersecurity or intending to take it to the next level, our consultants will perform a detailed analysis of your current security posture and draw up an implementation plan to achieve the desired level of security. 

[service includes]

To ensure that information security is managed effectively, it is necessary to review all the layers of protection that form a wall around the organization’s data. Various security standards can help us define the organization’s desired security posture.


GAP analysis is one of the ways to find the differences between current and desired state. This allows us to identify gaps and deficiencies in relation to the defined requirements. In addition to identifying gaps through this analysis, our experts can help you prioritize your needs.

Information security management requires a comprehensive approach and a focus on the entire structure of an organization’s IT assets, from networks to endpoint devices, as well as to applications and the actual data we work with. A risk analysis tells us what needs to be protected and from what, and then we can focus on how to do it.

With a detailed analysis, prioritization is possible, thus allowing an organization to focus first on the threats that have the greatest potential impact and are most likely to occur. We can then make informed decisions and use the available resources more efficiently.

Our experts can advise and help you with effective management of your IT assets, i.e. setting up the processes for procurement, cataloguing, control, maintenance and decommissioning, to have all the risks covered in terms of asset management.

The importance of having an information security manager (CISO) on board has grown tremendously over the past few years. Professionals are in short supply, demand is high, and organisations are having difficulty filling these positions. A proficient CISO must possess a healthy mix of technical skills, strategic and managerial thinking, as well as knowledge of security standards and norms.

The scope of services typically includes:
  • Taking over responsibility for security management 
  • Risk assessment (assets, vulnerabilities, threats) 
  • Setting the strategic security priorities 
  • Drawing up an implementation plan for mitigating the risks 
  • Defining and selecting suitable technical solutions 
  • Implementation of process and technical measures
  • Developing security policies, procedures and documentation 
  • Change management 
  • Organising staff training
  • Organising penetration tests 
  • Carrying out internal audits and organising external audits

We can help you in analysing compliance with the requirements under Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data (GDPR), and we can also provide advice on the implementation of such requirements or on the preparation of the data protection impact assessment (DPIA).

In the event of disruptions of various origins, putting together a robust business continuity plan means that your business will be more likely to handle such events without any major problems. This keeps applications operational, products and services available, data accessible, and physical locations and people safe. In addition, with a systematic approach to business continuity management, you can expedite the recovery of critical activities and keep customer dissatisfaction at bay.

Our experts can provide training on a variety of topics.
You can choose any of the following, among others:
  • Preparation for a Critical Security Incident
  • ITSCM – IT Service Continuity Management
  • Disaster Recovery
  • Introduction to Cybersecurity
  • Security Operations Centre (SOC) Overview
  • Online Security Awareness Training (SAT)
  • Introduction to Incident Handling

 

If you are interested in training beyond the scope of the above topics, we can design a specific training course tailored to your needs.

We provide expert advice and prepare security documentation, such as policies, procedures and other supporting documents, in accordance with applicable legislation or standards.

We can help you get ready for an audit: 

  • ISO 27000 series of standards
  • Decree No. 158/2018 Coll. of the Office for Personal Data Protection of the Slovak Republic
  • Methodology for ICT Security
  • Decree of the Czech National Cyber and Information Security Agency (NÚKIB) 82/2018 (decree on cyber security)
  • NIST SP 800-218 Secure Software Development Framework
  • Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (DORA)
  • VDA ISA 5.1 – TISAX
  • Decree No. 362/2018 Coll. of the National Security Authority (NBÚ)
  • Decree No. 179/2020 Coll. of the Ministry of Investment, Regional Development and Informatisation of the Slovak Republic (MIRRI) 

Feel free to contact us on any subject in the field of information security and we can arrange a meeting with you to provide an ad hoc consultation.