Information security is not a product. It is a continuous, cross-cutting process that must constantly evolve to keep pace with the organization’s changing risk profile. Organizational practices, structured as processes, must keep the organization’s security level current with respect to evolving vulnerabilities and threats, the many dimensions involved (technical, human, procedural) and the resources available.
To achieve this, numerous frameworks and standards exist, all more or less equivalent: ISO 27001, the NIST Cybersecurity Framework, CIS, etc. Our consultants help you leverage such frameworks to implement an enterprise-wide information security programme in a pragmatic manner, whether or not your goal is certification. Beyond the certification process, our main goal is to improve your company’s security posture.
Our services in the field of information security cover the entire lifecycle of security within the organization:
Cybersecurity strategy
Analysis of the organization’s risk profile
Analysis of cyber risks, threats, attack vectors and vulnerabilities
Development of a security program aligned with business needs
Management of the information security strategy
Risk treatment plan / security roadmap
Cybersecurity and information security audits and analyses
Information security risk analysis and definition of pragmatic risk management measures
Thematic security audits:
Cybersecurity
Network security
Operational security: integrating security into the organization
Data protection and access rights
Specific security concepts
Development of security concepts tailored to the specific needs of your organization
Development of security concepts related to specific topics
Development of control environments within a defined perimeter, to visualize the security footprint and identify areas where controls might fail
Data protection concepts for large organizations (e.g. SIPD concepts in the Swiss public sector)
Information Security Management System (ISO 27001)
Risk management according to different methods (NIST, MEHARI, ISO 27005, etc.)
Implementation of an Information Security Management System
Documentation: policies, standards and processes, procedures and guidelines
Preparation for certification
SAP Security
User and access rights management
Data protection concept
GRC audit (Governance, Risk & Compliance)
Business Continuity Management System (ISO 22301)
Business impact analysis
Implementation of the BCMS according to ISO 22301
Development of business continuity plans (business areas)
Development of business recovery plans and alignment between BCP and DRP
Our certified program and project managers are also information security specialists.
Our affinity for and long experience in security enable us to integrate security aspects into all our projects, whether directly related to security or not, and to embed security into the organization’s business processes in the best possible way.
Some examples of projects:
Management of IAM programs, for several cantonal administrations and large companies
Development and management of security programs for several companies (industry, insurance, telecommunications, etc.)
Implementation of security practices in the company’s business or IT processes
Design of a monitoring dashboard for the cybersecurity strategy, based on carefully selected indicators
Development of a strategy for implementing a Security Operations Centre (SOC)
For technical security services, our trusted partners offer the expertise and services necessary to ensure your technical security.