Legal, consulting, project leadership and know-how hub. Based in Sandvika, Norway.
Security needs to be managed, and information security threats have to be recognized, understood, prevented, discovered, mitigated and contained. NRD Cyber Security's security management services assist organizations in establishing their own information security management systems or enable them to outsource professional security management services.
Information Security Management
Exclusive reliance on security technologies cannot guarantee the security of information. In order to consciously manage information security, you have to have mechanisms and processes in place to adequately and proportionately treat information security.
Our team of security experts will help you to establish a practical and doable information security management framework based on the ISO 27001 and ISO 22301 standards, the COBIT 5 framework or the CIS Critical Security Controls.
HOW WE DO IT?
- Assessment of external compliance requirements;
- Establishment of current state of information security management;
- Definition of information security risk assessment methodology;
- Performance of information security risk assessment;
- Development of risk treatment plan;
- Selection of the most suitable information security management standard/framework for your company;
- Implementation of required security controls;
- Drafting of necessary policies and procedures;
- Support and oversight in certification process.
- Security investments proportionate to security risks;
- Continuity of critical business processes ensured;
- Security management goals are aligned with business needs;
- Effective incident handling established;
- Competitive advantage.
Contact Romualdas Lečickis at rl@scdrnlt or +370 612 73994 for more information.
Security Operating Center (SOC) Services
Organizations and businesses face threats that are advanced in their complexity and target critical assets. Advanced threat monitoring services will help you to successfully anticipate and address these threats.
Our security operating center (SOC) monitors the network for security events, analyses them and detects specific situations that may pose a threat to your organization.
HOW WE DO IT?
- Advanced security event sensor solutions to ensure cyber event visibility and timely response;
- Network monitoring for anomalies and security events;
- Provision of cyber threat intelligence information to improve the agility of computer network defence mechanisms;
- Adoption of security analysis tools to identify threats to the organization’s integral security;
- Detection and recording of organisation-specific security events;
- Invoking of incident handling procedures;
- Forensics operations to perform deep inspection of media and network traffic with the aim of identifying activities with malicious intent.
- Security incidents are detected at an early stage, before major losses are incurred;
- Increased value of information security infrastructure by maximizing visibility of suspicious activities and anomalies;
- Thorough monitoring expands the ability to mitigate cyber security threats.
Contact Marius Urkis at mu@scdrnlt or +370 687 79059 for more information.
GDPR compliance review
GDPR went into full effect on 25th of May 2018. There are still many debates about what is or is not acceptable according to the new legislation, but it is widely agreed that compliance with GDPR should be a continuous process. As your organisation evolves, your needs grow and your processes change, you need to give new stakeholders access to the information and data you store. Even if nothing changes within your organisation, new risks, such as cyber threats, should encourage you to review whether your processes and systems are secure and compliant.
NRD Cyber Security experts can assist you at various stages of GDPR compliance review.
How we do it?
- Identify the type of personal data your organisation collects and processes and perform an inventory of the data and information (i.e. data mapping). The inventory gives an overview of how, when, by whom and why the data is accessed and used;
- Review and modification/update of internal legal documents and contracts;
- Review whether the processes and infrastructure related to personal data processing ensure data protection;
- Analyse access to PII (Personally Identifiable Information);
- Evaluate risks related to data processing and prepare a plan to eliminate them;
- Identify how big the gap is between how the organisation actually processes personal data and ensures its security and how this should be done according to regulations;
- Prepare a review document, prepare action plan and build new processes.
- Compliance with GDPR not only from legal, but also from technical perspective
- Identification of potential risks and threats
- Visibility of how efficient the processes currently in place are and what alterations are required
- Recommendations on the most suitable technological solutions
Contact Šarūnas Virbickas at firstname.lastname@example.org or +370 613 18020 for more information.