The purpose of this service is the development of a security plan for organisations.
Through the risk analysis processes, the critical assets of the organisation’s information systems are identified, the existing threats and protection measures are evaluated. Then, the security plan is developed that includes:
- A security policy, comprising a set of rules that explicitly define the role of each person involved in the organisation, their competencies, their responsibilities and their duties.
- A methodology for applying the security policy, as well as revision procedures.
The contingency and disaster recovery plan complements the security plan and aims at:
- Minimising the disruption of the normal operation and containing the inflicted damage, as well as preventing their possible escalation.
- Installing alternative means of operation in advance.
- Educating, training and familiarising the personnel with emergency procedures.
- Achieving prompt and smooth resumption of the disrupted operation, as well as minimising the economic impact.
The methodology according to which this service is applied, ensures the organisation’s uninterrupted operation, as well as the confidentiality and discretion of the results.
- Consolidates a security culture within the organisation.
- Reinforces the protection of the network infrastructure and services.
- Shields the organisation against liabilities, by demonstrating that all necessary measures have been taken for the protection of retained data and provided services.
- Ensures the organisation’s uninterrupted operation after a cyberattack or natural disaster.
- Trains the personnel appropriately, so that they operate within the boundaries imposed by the security plan.
Depends on the size of the organisation, the range of the network services/infrastructure and the distribution of its services.