Information Security Governance
At Sothis we help organisations to define an information security strategy in line with their business aims and goals. In doing so, we ensure:
- Identification and reduction of risk exposure of business practices to an acceptable level.
- Compliance with regulatory requirements and implementation of internationally recognised good practices.
- Auditing and checks of current compliance with the security measures in place.
For that reason, our Information Security Governance department offers:
Development of a Security Master Plan
The Security Master Plan (SMP) analyses the organisation's current position and establishes, for senior management, a road map to reach an adequate level of security by defining and prioritising a series of initiatives based on risk analysis findings and the organisation's needs.
In conjunction with the SMP, the Information Security Governance Model can address the following initiatives:
- Implementation of Information Security Management System based on ISO 27001 and certification support.
- Development of an ICT Business Continuity Plan based on ISO 22301.
- Regulatory and legal compliance:
  - National Security Scheme (ENS) adaptation for both public and private sector organisations.
  - General Data Protection Regulation (GDPR) adaptation.
  - Critical Infrastructure Protection Law adaptation.
- PCI DSS v3.2 implementation support.
- Cybersecurity culture.
ISG as a Service
At Sothis we offer companies the option of outsourcing the roles of Chief Information Security Officer (CISO) and Data Protection Officer (GDPR requirement) by assigning the work to a team of technical and legal specialists in information security.
Lastly, we can adapt ISG to the needs of organisations using tailor-made solutions such as, for example:
- Risk analysis
- Security auditing in accordance with ISO 27002