Provision of critical services to the society is no longer an exclusively public domain. Society is becoming increasingly reliant on private companies for the provision of critical services. On the other hand, critical infrastructures rely on information systems to provide these services. Therefore, reliability of information systems is of paramount importance.
Establishment of a practical IT and information security governance system to enable the client effectively manage its information systems and information security risks.
- Establishment of IT and information security governance processes in accordance with external security requirements as established by the Minister of Energy and addressing the findings of security audit;
- Establishment of physical security requirements for data centres;
- Definition of CSO roles and responsibilities;
- Establishment of IT asset management procedures;
- Establishment of information security audit procedures;
- Establishment of procedures for confidential information management;
- Review and update of IT risk assessment methodology and procedures;
- Development of procedures for an acceptable use of assets;
- Development of procedures for access to security zones and list of authorized personnel;
- Development of information security incident management plan;
- Development of business continuity and recovery plans.