On top of our core security services, we offer extra products and services that complement the overall company security.
To assure the appropriate level of security it is required to engage the security experts in the early stages of the design and architecture, not to understand the security as an add on.
We offer our experienced advisors – certified CISSP, PMP, Prince II, CGEIT and TOGAF – to participate on each stage of the ICT project. The experts are available for particular parts of the projects, ad-hoc consulting, as well as for ongoing guidance and advisory.
One of the pain points of each risk management process is to identify and choose appropriate measures to minimize the risk level, as well as to continuously measure the evolution (reduction) of the risk level.
We offer the support in the phases of the methodology definition (covering all required aspects of potential constraints acting to the company initial assets identification and evaluation, initial risk analysis, risk assessment.
We offer our experts – certified CRISC, ISMS manager, CISM, CISA – to participate on the risk management process.
The security policies and procedures need to be harmonized with other management systems implemented in the organization – e. g. process management (e. g. ISO 20000/ITIL) or business continuity (BS 25999, ISO 22301) – to use the synergies and to support each other. In recent past, companies required an internal employee for the expert tasks, however nowadays they are often outsourced.
We offer our experts – certified CRISC, ISMS manager, CISM, ITIL Expert, Six Sigma Black belt – to participate on the security governance.
As each ICT system shall support the users’ requirements on the functionality, the security (Confidentiality, Integrity and Availability) is a key qualitative factor allowing to fulfil that goal. Each audit is performed against defined etalon based on the clients’ requirements (e. g. contractual requirements, best practice, standards, company standards, legal regulatory, etc.)
We offer our experts – certified CISA, Lead ISMS auditor – to participate on the audit process.
In the area of audit/compliance, our advisors have long term expertise with the following standards/areas:
Decree of Czech Central Bank # 123/2007 Col., 163/2014 Col., PCI DSS., Pharma industry, FDA GxP., Telco ICT industry, Act no. 127/2005, Col. (data retention), ISAE 3402., Critical infrastructure, Act no. 181/2014 Col., inc. Decrees, SCADA Security standards., Content responsibility and intellectual properties, Act no. 121/200 Col., Acts no. 40/2009 Col. & 418/2011 Col.
The cyber attacks handling, business continuity and disaster recovery are often exercised in a formal way, that does not allow the appropriate response teams to prepare for a real situation. We offer the simulation exercises consisting of various escalating events, that helps the teams to prepare, as well as to identify weaknesses of the actual company plans. The exercise can be realized either in a simulated customer environment in our lab, or directly in the live environment of the customer (with pre-defined allowed targets and the level of accepted exposure/damage).
We offer our experts – certified CEH, eCPPT, Lead IMS auditor – to participate on the SIMEX.
We provide the court recognized witness analysis and statements, that are often needed in case of ICT security based litigations.
Vulnerabilities management is part of the cyber attack prevention program. The patched and up-to-date systems supporting business operations are the crucial assumption of secure operations. The efficient and effective processes around the patch management allow to react on the appearing vulnerabilities and threats in a timely manner.
Brussels is addressing cybersecurity. Who is affected and what needs to be done? Tens or…19. 11. 2018
GUARDIANS 2019 Zastav útok hackerov! „Vyhraj voľby, môžeš všetko?!“ V treťom ročníku hry Guardians narušia…30. 08. 2018
We share Albert Einstein’s view completely. Our company is not afraid of challenges. Each…07. 08. 2018
The CSIRT team coordinator has received an information about the data breach and immediately issued…