INFORMATION SECURITY CONSULTING

Our experts help you assess, update or even create your company's data management rules, information security strategy, policies, disaster recovery and business continuity plans. With the right analysis, our customers can implement optimal business processes and system development strategies.

BUSINESS IMPACT ANALYSIS (BIA)

It is essential for organizations to be aware of the importance of each business process – how the loss or non-functioning of a process at the expected level effects the entire organization. During BIA, we look at defined processes or even define processes and their contexts and evaluate them with the responsible ownersof each sub-processes. Regular events such as migration or possible patch installation can cause disruptions, but these can be eliminated with proper preparation. Unexpected events can also completely disrupt the day-to-day business, such as a pandemic situation, or even a supplier outage. By assessing their effects in advance, possibilities of unwanted outages can be managed with well-planned steps. 

GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE (GRC)

In order to ensure an adequate level of functioning of business processes, it is important to identify the possible threats as well. With the help of risk management, we identify these threats and vulnerabilities in systems and develop measures to address them appropriately based on their impact and likelihood of occurrence. We help you identify risk factors such as cyberattacks or traditional and digital threats (ransomware, phishing attacks) that can affect your day-to-day business. Our experts help you create a comprehensive risk management that supports the entire company in the preparation of processes or their automation.

INFORMATION SECURITY AUDITS, COMPLIANCE

Within this framework, we carry out the verification of compliance with existing information security requirements (laws, standards, recommendations, etc.), the development of proposals for measures to achieve compliance and, if necessary, the required preparation for compliance as well.

INFORMATION SECURITY RISK ANALYSES

With the Information Security Risk Analysis service, we highlight the weaknesses of the information processing system (process, resource, technology, etc.) against various threats and the extent of the business damage caused by exploiting them, with the aim of creating risk-proportional protection.

DEVELOPMENT OF INFORMATION SECURITY MANAGEMENT SYSTEMS

(Information Security Management System – ISMS), its regulation (Information Technology Security Policy – ITSP)
When providing ISMS services, we define requirements, processes and responsibilities to ensure that the level of protection of an enterprise information security system can be continuously improved and/or maintained at the desired level.

BUSINESS CONTINUITY PLAN AND DISASTER RECOVERY PLAN (BCP, DRP)

Within the framework of crisis and disaster management, we design and manage proactive and reactive protection systems (resources, capabilities, processes) that are in place to enable disaster response and recovery in an optimal timeframe.

The BCP is a document that defines the steps one can take to respond to impacts threatening business continuity. These steps can be preventive, perceptive, responsive actions. If the organization suffers an impact that would result in a critical downtime of the IT system, we can use the DRP or services to help. Our consultants study, assess and organize the company's business-critical tasks, and then, based on the company's characteristics, prepare a description of the steps that ensure the continuity of the company's business.

INFORMATION SECURITY OFFICER (ISO), MENTORING, EDUCATION, AWARENESS

Established information security systems (processes, technology, resources, etc.) become effective when they are associated with the day-to-day work of well-trained professionals. In the field of information security, we are happy to share our latest knowledge for our clients through organized trainings and awareness-raising courses.

GENERAL DATA PROTECTION REGULATION (GDPR) PREPARATION

In order to comply with GDPR, we assess in detail personal data processing activities, and we carry out analysis required by the regulation (data protection impact assessment, interest balance test, etc.) and then we establish the processes, regulations and technical controls necessary for the operation of a sustainable data protection system.

REGULATORY COMPLIANCE WITH “ACT L OF 2013” (HUNGARIAN LEGISLATION)

If our client is subject to Act L of 2013 in Hungary and is required to demonstrate compliance with the security level of the organization and the security department of the electronic information system, we will undertake completion or review of the OVI and SZVI forms, and where appropriate, we develop the documentation in detail by revising the relevant company documents, by exploring the situation and by personal or online conferences.

INFORMATION SECURITY SITUATION ANALYSIS

Defining the level of information security in an organization may be necessary, even to facilitate a major strategic decision, but it is now also essential to start to comply with information security laws, standards to achieve a higher level of protection. Our experts help our customers in the framework of information security situation analysis to get an accurate picture of the security and information protection of the electronic information system that supports the business processes.