Information security survey for the company
An information security audit reviews all areas of information security: administrative, technical and physical. The company's information security survey creates the conditions for the continuity of operations. In today's operating environment, which is full of cyber threats, information security awareness also increases the company's value in the eyes of stakeholders.
Why is information security mapping important in the production network?
Information security is a continuous process of developing your company's information security. In the information security mapping we offer, the various aspects of your company's information security are reviewed systematically, and you receive clear, essential guidance for developing information security and operations in the following areas.
Identification
The purpose of the identification section is to create clear guidelines on how to develop your company's information security process. It defines the steps of the information security mapping based on, for example, risk analysis.
This is influenced by, among other things, the owners' view of which of the company's functions or processes are critical. Once the areas for development have been identified, we consider how their information security could be improved. The classification of information and its risk assessment are central to the continuity of operations. The risk assessment can also be based on a cyber security case or a physical security problem. Based on these mappings, clear instructions can be created on how things are to be implemented and who will take them forward.
Safeguarding
The purpose of the safeguarding sub-area is to implement safeguards against the identified risks. This can mean, for example, hardware or software. A key method is segmentation, i.e. dividing data networks to minimize risks.
Observation
Observation refers to the monitoring of data network traffic. This can be done in many different ways, with either dedicated hardware or software. A common way is to use, for example, an intrusion detection system (IDS).
Reaction
Reacting combines observation with action based on what is observed. How can the company react to rapid changes in information security? This can mean, for example, disconnecting a computer infected with malware from the network. In critical environments, the measure can also be to disconnect production from the office network. This can also be automated with, for example, an intrusion prevention system (IPS) or an artificial intelligence-based solution.
Recovery
Recovery refers to how your company is able to recover from the problem encountered. Documented instructions for different situations and training are essential parts of ensuring the company's information security operations. We help customers bring their documentation up to the level of new standards such as ISO/IEC 27001.
Information security mapping brings to light the information security challenges of the OT network
Hardware is used differently in an OT network than in a normal IT network. The hardware is not necessarily updated, because the update methods are laborious. As a result, there are usually several vulnerable devices on the network.
OT network monitoring and device management become even more important with the NIS2 Directive. The hardware used in critical production environments should be updatable and supported.
Content of the mapping: the following issues are reviewed
Administrative information security mapping
Administrative information security mapping is a process that evaluates the state of the organization's information security and its management. This includes evaluating information security policy, security development and cyber security management.
Security mapping usually uses standardised frameworks such as ISO/IEC 27001, Traficom's CyberMeter, Katakri 2020 or the EU General Data Protection Regulation (GDPR). The company's performance can be compared against these to identify areas where the company should still improve. This may be referred to as a gap analysis.
Technical information security mapping
Technical information security mapping covers several areas, such as network security, software security and device security.
Network security covers all measures to protect the organization's information networks and the information passing through them. This includes, for example, going through the code of firewalls. The goal of network security is to prevent unauthorized access to the network, protect data transmission and ensure network reliability. In practice, this concerns how users are identified and how personnel are allowed access to the company's internal network.
Software security focuses on the security of software and applications. This includes the security of software development, use and maintenance. The goal of software security is to prevent attacks on software, such as malware and data breaches. The security of information materials is considered one of the areas of software security. It relates to the protection of information materials held by the organization. This includes a closer analysis of data encryption, backup and data disposal.
Device security means the security of computers, servers and mobile devices. The goal of device security is to protect the devices and the information they contain and to prevent unauthorized use of the devices. A major improvement in laptop security today is disk encryption. When these devices are connected to, for example, the Office 365 cloud, user and device management is achieved.
Physical information security mapping
Physical information security includes several areas that together protect the company's physical resources from physical threats.
Hardware security relates to the physical protection of computers, servers and mobile devices. This includes, for example, the placement and locking of the customer's devices and their protection from physical damage.
Security of premises means the physical protection of business premises and equipment premises. This includes, for example, facility planning, access control and the use of security systems. Access control is a key part of physical information security. It is used to manage and monitor access to premises and equipment, prevent unauthorized access and protect important information. One component of access control is the definition of security areas. Security areas are areas with a particularly high level of security, and their use is restricted to certain people only. It is particularly important to note all times when the premises are not staffed.
In addition, physical information security includes protection against various conditions, such as fire, electrical damage and water damage. This includes, for example, fire detectors, water-resistant cabinets and backup power systems. Customers' physical information security is often well under control.
Information security mapping service packages
Package 1 – Basic mapping
Includes administrative and technical information security mapping
- Remote meetings via Teams or a similar tool, 1 × 1 h
- Meeting notes for the development of information security
- Price: €0
Package 2 – Wider mapping
Includes administrative, technical and physical information security mapping
- Remote meetings via Teams or a similar tool, 8 × 2 h
- An Excel-based tool for developing information security
- Price: starting at €3889