Sysnet’ security professionals are your trusted advisors with the expertise and experience to help you develop an effective and efficient information security strategy. This includes the supporting policies and procedures to suit your business requirements and bolster or improve the information security posture of your organisation.
Our consultants provide expert advice on the creation, implementation and reinforcement of information security policies and procedures that aim to improve your information security practices without creating unnecessary administrative overhead. The objective of this service is to assist your organisation in identifying and deploying information security policies and procedures and to providing innovative solutions for how they should be managed and maintained.
For example, there are a number of ongoing processes required to maintain compliance with the PCI DSS. While these may be described as ‘in place’ during a gap analysis; a Qualified Security Assessor (QSA) or Qualified Forensic Investigator (QFI) would expect to be able to review evidence of each of these processes having taken place over the course of a year in the event of an on-site audit or a forensic investigation following a data compromise. Some of these ongoing maintenance requirements are outlined below:
· An annual review of Security Policy incorporating a formal Risk Assessment
· An annual review of security controls
· An annual penetration test
· A quarterly internal vulnerability scan
· A quarterly external vulnerability scan
· Formal periodic security training for staff members with security responsibilities
· Annual security awareness training for non-technical staff
· A periodic test of incident response procedures
· An annual rotation of data encryption keys
· A quarterly rotation of Wireless Encryption keys
· A periodic destruction/purging of (hard and soft copy) data older than a company approved retention period
· A periodic inventory of backup media
Similarly ISO 27001 requires that the ‘Plan-Do-Check-Act ‘methodology for continuous improvement and required periodic assessment of your Information Security Management System (ISMS), Sysnet works with you to design and implement comprehensive security best practices including, the definition of roles and responsibilities, key asset identification, sensitive information inventory, change management, internal audit, physical security, network security, security in systems development, user management, user education and compliance maintenance.
For further information on our Information Security Policy & Procedure Development service, please contact one of our Sales representatives by calling +353 (0)1 495 1300 or by completing our Online Enquiry Form or Request a Call Back Form on our website.
Also, please feel free to visit our resource centre for helpful articles, latest news, videos, wikis and useful links related to industry topics and terminology.