IDENTIFY & IMPLEMENT
Identify & implement is the most comprehensive field of information security and is designed for organizations that currently lack comprehensive security. Our range of services helps you identify what security measures your organization needs and helps implement those measures in an effective and cost efficient fashion.
Our identifying and implementing services include:
Classification of an organization’s information is the basis for effective information security. Secure State Cyber plans and implements information classifications by analysing the information’s value and requirements for integrity and availability.
By classifying different types of information, it becomes apparent which information is critical to the business and thereby making it easier and more cost-effective to control how the organization manages information. Subsequently, this process also highlights the consequences of wrong handling information. Along with the initial classification, a procedure is implemented to facilitate regular assessments of the information’s value.
We plan and implement threat, risk and vulnerability analyses of systems and operations. The choice of methodology and scope is adapted to the customer’s needs and situation.
Risk analysis can be carried out on the whole business or on a defined specific system. We systematically examine the risks and threats that exist against the business and the systems. By assessing the likelihood of different adverse events occurring and their potential consequences, it is possible to identify and prioritize security solutions. This result’s in the customer being provided a prioritized list of current risks, along with an action plan of recommended measures to reduce these risks.
We carry out investigations and preliminary studies on behalf of clients, such as to assess the prerequisites and starting positions in case of, for example, changes in the IT environment or how new legislation affects the business. Each project results in a clear decision base for continued work and future priorities. Environmental monitoring is a common part of our investigative projects, where we take a closer look and analyse the impact of external factors and the threat landscape as a whole. What trends are there currently in the field of information security in the industry where the customer operates? What are the most relevant threats? Which methods are most popular among, for example, hackers? Have the external requirements changed lately?
A GAP analysis involves assessing an organization’s level of security in comparison with specific standards, best practices, legal requirements or regulatory frameworks. Put simply, we measure the gap between the current position and the ideal position for the organization. These measurements will allow management to make concise decisions on how to further strengthen their information security.
POLICY AND GUIDELINES
Well thought-out and structured procedures are central to all information security work. We help with the design of an organisation’s policies and guidelines for information security, based on best practices and quality assured processes.
It is frequently difficult to know in an advance when assistance will be needed. Therefore, we can provide expert support in information security on an hourly basis for the ongoing work within an organisation. This can be both at the overall level of the organisation or as a resource in a specific project.
Our consultants can offer services in
- business development and management support,
- support for specific administrations within an organization with daily information security work,
- process and routine development,
- requirements for procurement and development of IT systems,
- case management and management control.
Conducting security checks in a security architecture provides a good picture of the security level within an organisation. Need additional technical features? Or maybe a segmentation of the network environment? By using best practices and experience, an independent picture of your weak and strong points in the system environment is obtained.
What happens in our systems? Who’s inside and working on it? Log monitoring makes it possible to follow up events and people associated to the event. We streamline log management by identifying priority logs relevant to potential incident events. A well-structured log system makes it possible to detect and respond to discrepancies and incidents. By allowing us to collect, monitor and analyse logs, the customer also gets an independent control of key features in the business.