Sectigo secure email solutions (S/MIME)

Secure your email by digitally signing and encrypting communications with our email certificates, also called personal identification certificates.

Services

  • IT Security Awareness Program
  • Change Management Program
  • Cybersecurity Branding

Let's start with an example that shows the similarities between the physical and digital worlds:

“If we set up a business in the center of the city and a criminal arrives and steals our box, the next day we will have put up a tall counter to separate the spaces for clients and workers. A week later a delinquent arrives and jumps over the counter and steals our box. Again we make improvements and add an iron fence where no one can enter. A week later a delinquent threatens us with a pistol by the space where the money is delivered and they rob us again. Now we put a guard, but they come to rob us at night when there was no guard. Now we put cameras and someone has to monitor them.”

This example could go through many more iterations. The important thing is to understand that every physical security layer we add mitigates the risk of being robbed, yet we know we can never mitigate that risk 100%, and that is before even considering that the theft may be committed by one of our own workers.
In cybersecurity, several layers of security must also be applied to mitigate risk. No single piece of software or hardware, and no single service or consultancy, mitigates the risk for us. It is the combination of products, services, systems and procedures that mitigates risk layer by layer.

[Image: information security triangle]

Information Security Management System (ISMS)

The information security management system preserves the confidentiality, integrity and availability of information by applying a risk management process, and gives interested parties confidence that risks are properly managed. It is important that the information security management system is part of, and integrated into, the organization's processes and general management structure, and that information security is considered in the design of processes, information systems and controls. The implementation of the information security management system is expected to be scaled according to the needs of the organization.

 

ISO 27001 Standard

The best way to implement an ISMS is to have a reference framework to compare against. The framework that describes all the good practices that must be carried out to implement an Information Security Management System is ISO 27001:2013. It also helps companies improve security, comply with all cybersecurity regulations, and protect and improve their reputation.

 

[Image: ISO 27001 standard]

Gap Analysis

A service that identifies the distance between the client's current information security and the most recognized good practices in the industry. During the service, our consultants interview the different areas of the institution to establish its current security situation and compare it with best practices or current information security regulations. This makes it possible to identify the gap between the two and help the organization design a plan to minimize it.

Our Gap Analysis proposal includes the following activities:

  • Survey of the current situation of the organization associated with Information Security processes.
  • Identification of the gap between the current security practices of the organization and the best practices in the industry, according to the requested standard.
  • Analysis of the distance between the current practices of the organization and those required by the selected regulations.
  • Detection of deviations in current security practices.
  • Proposal of practices and controls to improve the company's current level of security.

Business Continuity Plan (BCP)

A business continuity plan is a plan for an organization to recover and restore its partially or fully interrupted critical functions within a predetermined time after an unwanted interruption or a natural or other disaster.

Recovering every function is unnecessary; we must first recover those that are most critical for the organization and then the less important ones.

To determine what is important and what is not, a BIA (Business Impact Analysis) is built. The following image shows the results of having a BCM and a BIA.

[Image: BCM]

Do you need more information? We have CISSP-certified engineers and ISO 27001 Lead Auditors to help you. Just write to us about where you are and we will help you define a route.