IT security consulting

Fulfilling the role of information security officer

  • Preparing and updating policies on information security and IT operation,
  • Performing legal compliance audits,
  • Verification of IT systems and their control processes,
  • Conducting IT risk assessments,
  • Regular IT security reports for owners, upper management and internal auditors,
  • Information security training,
  • Investigating and handling security incidents.

Preparing for and performing IT audits

  • General controls review (GCR)
  • Application audits (ASA)
  • Necessary preparation for obtaining the ISO27001 certificate
  • Legal compliance audits (in compliance with the Act on Credit Institutions and Financial Enterprises, Information Security Management Act)
  • SOX audit
  • PCI-DSS preparation and audit

IT risk analyses

  • Identification of critical business processes and their selection for risk analysis,
  • Identification of security weaknesses in IT system elements,
  • Tests concerning the existence and the operational compliance of security controls,
  • Conformity check of regulations and their application in practice,
  • Preparation of risk analysis reports.

Preparation and verification of regulatory elements

  • Information security policy
  • Information security strategy
  • User rights management procedures
  • Change-management procedures
  • Incident-management procedures
  • Business continuity plans and disaster recovery documents