... and our passion to keep data safe
A Chief Information Security Officer is responsible for providing advice, supported by facts and experience, based on the trade-off between risks, costs and business requirements. (S)He communicates in language that is comprehensible to all layers of the organisation (from the shop floor to the management), and in addition to giving advice is often responsible for, or at least involved in, the handling of incidents, monitoring the security policy, and maintaining security awareness within the organisation. For many SMEs, having your own CISO is not feasible or necessary. They can choose to combine this role with a position within the management or ICT department, but perhaps we, as an independent external expert, can help you even better by filling this role part-time.
Be aware that technology can only help you to limit the effects of human error or criminal manipulation. Your employees are working with your valuable data on a daily basis. Keep that data safe by creating better security awareness in your organisation. A single click on a malicious link can infect your systems and create major mayhem in your organisation; these days all kinds of organisations, from small shops to multinationals, fall prey to ransomware attacks. But many more attack vectors are available and new ones are continuously invented. So regular updates on security awareness have become a necessity. Our security awareness training is updated on a regular basis, and can be tailored to each level of your organisation.
Besides standard off-the-shelf hardware and software, you use custom-built applications on a daily basis. Unfortunately, not all software is designed and implemented with security in mind, and scanning will not find security flaws in your custom-built applications, because scanners only report known vulnerabilities in off-the-shelf software packages. That is where penetration testing comes in. We continue where scanners stop: we try to identify logic flaws and configuration errors using provided information or information we gather during reconnaissance.
Current and upcoming laws require you to be aware of known vulnerabilities in the hardware, firmware, and software you use. Vulnerability scanning and monitoring are the basic services you need for this, but these may include false positives that are of no interest to you. That is why analysis and reporting by specialists is important. We provide a complete package that not only informs you of identified vulnerabilities, but also keeps track of them over time and takes into account any mitigating measures you have installed.
Unfortunately, not all developers and (system and network) administrators are trained on security. But in today’s world your customers expect you to keep their data safe. We train developers and administrators to build secure software and infrastructures, and to test these complete systems the same way as hackers do. Even more important is keeping that software and infrastructure as secure as possible. Our training curriculum includes standard hands-on courses, but these can be tailored to your specific needs.
These days customers more often ask for proof that you are in control regarding the security of your IT environment. Our consultants have vast experience with certifications like ISO 27001 and NEN 7510, and are able to support your organisation in achieving and preserving these certifications.
Because we care about the universal right to privacy and keeping (sensitive) data safe.
We support organisations with various IT security processes.
We create partnerships with our customers to ensure they keep control of information security.