About CISO advisory services
NRD Cyber Security provides completely customizable support to the Chief Information Security Officer (CISO). Our certified and highly skilled experts, with relevant practical experience, apply proven methods to help you mature your security domain.
How do we do it?
The CISO advisory service is organized into four pillars:
We help to establish and maintain a security governance framework with supporting processes to ensure that the organization’s security strategy is aligned with organizational goals. It includes security alignment with corporate governance as well as the establishment, review and support of security policies and the development of business cases to support security investments. It also includes the selection, establishment and measurement of key performance indicators to provide management and stakeholders with accurate and valuable information regarding the effectiveness of the security strategy.
We help you identify and manage security risks to an acceptable level. We do so by utilizing the best international practices described in ISO and NIST standards and guidelines. Our process includes, but is not limited to:
- Establishment of effective and repeatable risk management processes
- Identification of assets
- Business Impact Analysis (BIA)
- Identification of threats, vulnerabilities, risks, impact and likelihood
- Selection of appropriate security controls, calculating residual risk, and reporting
SECURITY PROGRAM DEVELOPMENT AND MANAGEMENT
Development and maintenance of an effective cyber resilience program that protects the organization’s digital assets. It includes assessing the context, risks, compliance and obligatory contractual requirements, and alignment with the information security strategy and business goals. Security program implementation activities result in security standards, guidelines, procedures, awareness initiatives, training, the integration of security components into processes and procedures, and the integration of security requirements into contracts and activities carried out by third parties.
SECURITY INCIDENT MANAGEMENT
Planning, establishing and managing the organization’s capabilities to detect, manage, respond to and recover from security incidents. This is achieved by establishing integrated incident management services and processes in the form of a Computer Security Incident Response Team (CSIRT) / Security Operation Centre (SOC) or managed services, e.g. CyberSOC, supported with the detection capacities and capabilities, standard operating procedures and all necessary integrations into the organization’s processes.
- Measured and sustainable increase of organizational cyber resilience tailored to the organization’s strategy, mission and goals (context and specific needs).
- Integration of security components into the organization’s business processes as an integral part.
- Structured, clear, measured, and business-oriented internal/outsourced security services.
- Practical and effective security controls backed by experience and best international practices.