Information security is not a product. It is a continuous, cross-cutting process that must constantly evolve to keep pace with the organization’s changing risk profile.
Organizational practices, organized into processes, must keep the organization’s security level up to date with evolving vulnerabilities and threats, across the many dimensions to be considered (technical, human, procedural) and within the resources available.
To achieve this, numerous frameworks and standards exist, all more or less equivalent: ISO 27’001, the NIST Cybersecurity Framework, CIS, etc. Our consultants help you leverage such frameworks to implement an enterprise-wide information security programme in a pragmatic manner, whether or not your goal is to achieve a certification. Aside from the certification process itself, our main goal is to improve your company’s security posture.
Our services in the field of information security cover the entire lifecycle of security within the organization:
- Analysis of the organization’s risk profile
- Analysis of cyber risks, threats, attack vectors and vulnerabilities
- Development of a security program aligned with business needs
- Management of the information security strategy
- Risk treatment plan / security roadmap
Cybersecurity | Information security audits and analyses
- Information security risk analysis and definition of pragmatic risk management measures
- Thematic security audits:
  - Network security
  - Operational security: integrating security into the organization
  - Data protection and access rights
Specific security concepts
- Elaboration of security concepts adapted to the specific needs of your organization
- Development of security concepts related to specific topics
- Development of control environments within a defined perimeter, to visualize the security footprint and identify areas where controls might fail
- Data protection concepts for large organizations (e.g. SIPD concepts in the Swiss public sector)
Information Security Management System (ISO 27’001)
- Risk management according to different methods (NIST, Mehari, ISO 27’005, etc.)
- Implementation of an Information Security Management System (ISMS)
- Documentation: policies, standards and processes, procedures and guidelines
- Preparation for certification
- User and access rights management
- Data protection concept
- GRC audit (Governance, Risk & Compliance)
Business Continuity Management System (ISO 22’301)
- Business Impact Analysis (BIA)
- Implementation of the Business Continuity Management System (BCMS) according to ISO 22’301
- Development of business continuity plans (business areas)
- Development of business recovery plans and alignment between BCP and DRP
- Preparation for ISO 22’301 certification
Cybersecurity programmes and projects management
Our certified programme and project managers are also information security specialists.
Our affinity with security and our long experience in the field enable us to integrate security aspects into all our projects, whether or not they are directly related to security, and to embed security into the organization’s business processes in the best possible way.
Some examples of projects:
- Management of IAM programs, for several cantonal administrations and large companies
- Development and management of security programs for several companies (industry, insurance, telecommunications, etc.)
- Implementation of security practices in the company’s business or IT processes
- Elaboration of the monitoring cockpit for the cybersecurity strategy, based on carefully selected indicators
- Development of a strategy for the implementation of a Security Operations Centre (SOC)
For technical security services, our trusted partners offer the expertise and services necessary to ensure your technical security.