Taking care of information security is now one of the key areas determining an organisation's image and market position.
Are your computers secure?
Are you afraid of malware attacks?
Do you often hear cries for help from employees because a file has disappeared?
Are you confident that your IT systems are resilient to threats?
Do you want to check that your IT infrastructure is actually secure?
Information security is not just about documentation. It is important to ensure at all times the integrity, availability and confidentiality of data processed in IT systems, which are nowadays an essential tool for providing services in many companies. Can you ensure the security of data processed on an internal network or using a public network?
The principle of data confidentiality, in its broadest sense, is to ensure that data (not only personal data, but also, for example, financial data) is not disclosed to unwanted parties, such as burglars or hackers. Do your IT systems ensure the security of the data processed through them in the event of a hacking attempt? If your laptop is stolen, are you concerned about revealing confidential data of a contractor or a client? Are you able to verify whether someone has entered the server room without permission and placed eavesdropping tools?
Data integrity, broadly defined, is about ensuring that data is not lost. Has the UPS been checked for efficiency? Are all files duplicated on a security copy? Are staff making sure that data is only stored on IT systems, rather than on a local drive? Integrity also manifests itself in having control over the system. Are you sure you know what e-mails are being sent from company mailboxes? Are files modified only by authorised employees?
Availability in the broad sense, i.e. ensuring that data is available to the company whenever it is requested, is another very important aspect of security. Are there critical documents in the company that must be accessible to employees at all times, e.g. a patient's medical chart? Can an employee always turn on his or her mailbox while working? When a person is absent, the use of part of the systems or location is switched off, or a device (e.g. a laptop) is lost, does the company still have the personal data it needs?
If you have any doubts, please contact us! Success is not only finding the answers to these questions, but checking and making sure they are correct. Our certified specialists on the iSecure team have extensive theoretical knowledge backed up by years of practice.
We provide complex information security audits covering IT systems audits as well as IT procedures evaluation. For our customers we offer i.a. the following services:
As part of the information security audit service we will, among other things, determine the areas critical to the company's operations, verify the implemented IT systems, check for vulnerability to information leaks, and, in the course of consultations, prepare an implementation plan allowing for the avoidance of data security breaches and the costs associated with their repair. We will recommend improvements to internal security procedures and, if necessary, we will also provide trainings to raise employees' awareness of security issues.
The procedures we review and the implementation of our recommendations can help entities seeking certification of compliance with ISO 27000 standards. The benefit in such a case is not only an increase in the level of security, but also an image aspect, giving a market advantage and an argument to convince a contractor or customer.
Our service is not only about carrying out audit verifications and checking procedures. As part of the service, we also carry out sociotechnical tests, verifying employee awareness and the effectiveness of proposed solutions. Our tests are never undertaken without the client's knowledge. All principles and methods of testing are always discussed with the client in advance. Each exercise and test is concluded with a report describing the non-conformities detected and the spheres that can be improved.
We take a comprehensive approach, ensuring the greatest possible satisfaction for the client. We always act in consultation with the client so that, as part of the service, the client is not made uncomfortable by our presence. We start by establishing a timetable with the client, in which we outline a proposal for the project, set up working groups to carry out the project and establish the details of its implementation to suit the client's needs.