Information security often is not something companies want to do, but rather something they feel compelled to do in order not to be left behind or suffer losses. However there is also high potential for information security to generate actual value for the business.
Processes and procedures
We believe in the trininty of information security: - People - Process - Technology. To give an idea wha the trinity is in our understanding - we truly believe lacking in any of the three can not be compensated by overinvesting into any one of the others! For actual security all three have to be in clear balance, otherwise information security incidents are inevitable.
From our side we provide training services for the people, but training only works in environment where the processes are clear and known accross the scope of information security landscape. Technology support also has to be there.
Our main focus is on ISO/IEC 27001 based information security management systems which we believe if efficiently implemented can be very effective way to improve information security within organizations. While we have experience in other methods (like COBIT, ValIT, ITIL, M_o_R and others) we see there is major increase in ISO 27001 based ISMS (information security management system) implementations which suggests our bet on this method is well placed. Also for many governmental organizations big parts of legislation in EU countries where we work most is based or related to ISO 27001 principles.
Technology
People in our team mostly come from strong background in both the process design as well as technology knowledge. This allows us to support technology implementations of different scenarios, design the scenarios of technology combination by not just relying on marketing materials, but on actual experiences with technology. Our experts have hands on knowledge of most operating systems (like Linux, Windows), different network technology (HP, Cisco, firewall solutions by Check Point, Palo Alto and others), different middleware solutions (like Nginx, SQL databases by )
Capacities and experience
In combination our team has way more than 100 years of experience in information and cybersecurity. We have and maintain a multitude of certifications. Just to name some: CEH, CISM, CISA, ISO 27001 Lead auditor, ISO 27001 Lead implementer, ISO 22301 Lead implementer/auditor (Business continuity management), ITIL Foundation and Practitioner levels, Data center specialists, ISO 20000-1 Lead auditor/implementer, Certified Digital Forensics specialists, Certified information security incident handlers, M_o_R, ISO 27005 and ISO 31000 certifications in risk management and many others.