Information Security

Risknowlogy Security Services offers practical solutions to prepare, solve, and monitor your real-time security needs. In our digital world compromising important company information is becoming a real threat for any company.

Risknowlogy specialises in helping you understand the risks associated with information security (IS) threats. Our approach to helping you is simple but straightforward. The services we offer deal with:

  • Awareness: Awareness is the first step in making your people understand how serious information security is. Or worse, how bad it can be for your company when important information is compromised.
  • Risk Assessments: To understand the information security threats your company might be vulnerable to, it is important to conduct an assessment of the information processes and systems your company has in place. The next step is to understand the risks associated with these IT systems when important information is compromised. Our Risk Assessments act as a kind of gap analysis with risk-based decision-making information. All gaps will be identified, but only those with unacceptable risks need to be addressed.
  • Training: When the importance of information security is understood and it is clear where and when information can be compromised, it is important to train your people. Training can be provided on all levels, from general awareness and behavioural training to technical training related to the information technology used in your company. Our training programs are adapted to the level required by the audience.
  • Solutions: For those information security threats where the risk is too high, suitable solutions need to be implemented. Solutions can literally be anything, from training people, to new procedures, to technical solutions. We can help you implement any solution you need.
  • Monitoring: It is important to keep monitoring the solutions you have implemented for their effectiveness in dealing with the associated threats. The world is getting smarter and so should your solutions. What worked today might not work tomorrow.
  • Certification: Certification gives you added trust that people, procedures and solutions are effective according to set standards. Risknowlogy offers to certify against these standards. Whether you need to build up the competence of your team or for regulatory compliance, our information security certification helps you achieve your goals.

Information Security Services

Information Security Training

Training is probably one of the most important tasks when managing information security within the company. Dealing with information security threats and managing the solutions and processes associated with them are only effective when your employees are aware of their meaning.

Risknowlogy offers the following training:

  • Introduction to Information Security – How it affects your company, your people and your IT systems.
  • Information Security awareness training – Presents the typical attacks against employees and how to deal with them. Basic and advanced training.
  • Information Security Risk management training – How to understand and effectively manage IS risk in the organisation.
  • Information Technology infrastructure security training – How to secure your IT infrastructure and systems from a technical point of view.
  • Information Security Processes – How to build effective IS processes into the organisation according to IS standards.
  • Business Continuity Training – BCP/DRP – How to prepare the organisation for critical security incidents.
  • Data protection training – How to protect data in motion and at rest.

Contact us to discuss your training needs.

In House Information Security Risk Assessments and/or Audits

The purpose of the IS Risk Audits is to analyse, evaluate and understand the current status of your company in relation to information security. Before the audit is conducted we will agree on the scope and make a plan for you. In theory everything can be audited, but normally audits are limited. The scope can address the whole company or a single department only; it can include all information business processes or be limited to specific ones. The scope can be purely document-based or include technical verification (including penetration testing).

It is important that you have IS Risk Audits conducted by an external third party like ours. A third party is not susceptible to interoffice politics. Our audit results are real and not biased.

Typical standards we use for security audits include but are not limited to:

  • ISO 2700X
  • IC2
  • PCI
  • Add SIS standards

Contact us to discuss your audit needs.

Third Party Information Security Risk Assessment and/or Audits

To decrease operational cost, many companies outsource parts of their business to third parties. These third parties suddenly have access to the company's confidential or sensitive data and work with this data either on site or even remotely. As a company you have no control over any data which is shared with the third party and is processed outside your company’s internal network. It is important to understand whether your third party treats your data with the level of security you need.

Our Third Party Information Security Risk Assessments and/or Audits help you and your third party in managing information security. On your behalf we will first assess and later periodically audit your third party. The scope of the assessment/audit is defined upfront and can include any information security process, employee awareness, IT security, access control, data protection, physical security, and so on.

Highly data-sensitive industries like banks, financial companies, insurance companies and governments often require periodic audits. We can perform those independent audits for you.

Security Testing

You can create awareness as much as you want, you can train your people as much as you want, you can write the best procedures in the world and you can implement the best tools and techniques in the world. But nothing shows better whether it all works than really testing the security measures in place. Security testing helps evaluate the effectiveness of the implemented information security processes.

Our security testing services help you understand where you are standing today. Together we make a plan to test security which can include:

  • Penetration testing

Our specialists will run a set of tests to verify whether they can intercept data of your company. In other words, we will try to hack your websites, systems and applications.

  • IS awareness testing of your employees.

We can check how your employees react to social engineering tricks. Are they susceptible to phishing emails? Can they hold back their curiosity when an unknown USB device is found on your company premises? Will they report a security incident or verify the unknown person walking around the office?

  • IT infrastructure security testing (infrastructure, applications, business processes).

We will check how your IT infrastructure is prepared for security incidents. We will verify the implemented security controls and test them from the technical and business perspective.

Security testing is our most popular service because it is so effective. Many organisations are not aware that they might have a problem. Security testing will show you where the problems are and often leads, first of all, to further training of personnel and focused implementation of IS solutions.

Contact us so we can help you set up a security testing plan.

Consulting

Not sure what you need? Need to implement something really specific? The expertise of our IS team is very broad and we can help you with your IS consulting needs. Typical consulting services include implementing a full IS process according to ISO standards, helping you prepare for ISO or PCI certification, dealing with external IS audit requirements and findings, creating a proper IS policy, and so on.

Contact us so we can help you set up a security testing plan.

Certification

We certify products, solutions, procedures and organisations when it comes to information security. A typical example where you might need certification is the Network and Information Security Directive or the European Directive for e-procurement. E-procurement refers to the use of electronic communications by public sector organisations when buying supplies and services or tendering public works. All vendors and suppliers must have the certificate.

Contact us so we can help you set up a security testing plan.