Our information security consulting services
-
Compliance
helping our clients meet the requirements of information security legislation and standards, and establish information security processes and policies
-
Business Continuity Management (BCM)
preparing the organization for unexpected events that threaten its critical business processes and resources: managing such events, maintaining continuous operation, bridging outages effectively, and recovering afterwards
-
Security awareness measurement and development
every chain is only as strong as its weakest link, and when it comes to security that link is the human factor
Information security management - Compliance
Our information security management services help organizations identify and understand the information security requirements that apply to them, assess their security risks, and determine risk-mitigating actions and countermeasures. With our support, the organization can ensure compliance with legislation and international standards (e.g., ISO 27001, ISO 27701), and can address the deficiencies or deviations revealed by external and internal audits or reviews individually and effectively, so that the same non-compliance does not recur.
-
Checking compliance with external requirements (legislation, standards), supporting preparation for external audits
As part of this service, we check compliance with external requirements (e.g., security and privacy regulations, the ISO 27001 standard), support the introduction of the related measures, and develop the framework of an information security management system tailored to the organization.
Our experts offer the development and revision of relevant policies and methodologies, supporting the introduction of controls, and the deployment and maintenance of software solutions supporting compliance.
-
Development and maintenance of an information security management system and documentation environment
When creating an information security management system and its documentation environment, we assess the external and internal regulations and requirements that apply to the organization and compile the content of the information security policies, methodologies, and supporting materials accordingly. If a policy already exists, we review and update its contents in light of recent events, new expectations, and best practices.
-
Asset inventory and data classification
Before an organization can define appropriate defensive measures, it must know what it needs to defend and against what. Our asset inventory and data classification service helps identify the organization's data assets and determine the protection needs of each data class.
As part of this service, we assemble or update the inventory of the organization's data assets, create or revise the related methodology and supporting resources, and classify the data into security classes.
-
Risk analysis and risk management support
Adequate security countermeasures can only be designed once the threats to the identified assets are understood. With our risk analysis and risk management support services, we help define, plan, and implement effective risk-mitigating actions.
Business Continuity Management (BCM)
Today, Business Continuity Management (BCM) is an essential part of security. The laws and standards mentioned in the previous section are not the only reason to prepare for extraordinary events; it is also in the well-understood interest of every organization to ensure continuous operation. During Business Continuity Planning, the organization prepares for unexpected events that threaten its critical business processes and resources: managing such events, maintaining continuous operation, bridging outages effectively, and recovering afterwards.
-
Implementation, regulation, and maintenance of a Business Continuity Management system
We design the framework of a Business Continuity Management system tailored to the organization, taking into account the relevant external requirements (e.g., the specifications of the ISO 22301 standard).
Our experts offer the development and revision of related policies, methodologies, templates, and supporting tools, and, if required, the introduction of a supportive software solution.
-
Identifying critical processes and performing Business Impact Analysis (BIA)
Processes are the basis of business continuity, so the organization must know which of its business processes are critical and which critical resources support them. Our experts survey and assess the processes, perform the Business Impact Analysis (BIA), and identify the critical processes and resources of the given organization, based either on the organization's existing methodology or on the one developed or revised in the previous step.
-
Developing Business Continuity and Disaster Recovery Plans (BCP and DRP)
Once an organization knows its business-critical processes and resources, it must be prepared to protect them. We can help with this through security measures and controls that focus on availability, by developing alternative processes in a Business Continuity Plan (BCP), or by planning backup resources and developing Disaster Recovery Plans (DRP).
-
Action Plan testing (BCP and DRP)
An action plan only provides real value to an organization if it can actually be used during an emergency, and if the alternative processes and the backup or restored resources and data work as expected. For these reasons, regular testing of the completed Business Continuity (BCP) and Disaster Recovery (DRP) action plans is essential.
-
Business continuity management system and action plan (BCP and DRP) training
For the completed action plans to provide real, useful help, and for the business continuity tasks to be equally important to and understood by all involved users, operators, and managers, it is essential to train everyone involved.
-
Our internally developed SIREN System offers a comprehensive solution for assessing business processes, resources, and data assets, for performing business impact analysis and risk assessment with various methodologies, for following up on risk mitigation measures, and for supporting business continuity management tasks.
Security awareness measurement and development
As the saying goes, every chain is only as strong as its weakest link, and when it comes to security that link is the human factor. To manage effectively both the risks posed by employees and the risks that threaten them, we need to know the current level of users' security awareness and the related controls. The first and most crucial step is therefore to assess the users' security awareness and knowledge of information security; based on the results, it can then be improved in a targeted manner.
-
Measuring the level of security awareness using a questionnaire
One way to identify the level of security awareness is to conduct questionnaire-based surveys. When developing our questionnaires, we focus not only on theoretical knowledge but also on practical approach and habits, so that the "I know the right answer, but I don't act like that in real life" attitude can be filtered out. For this reason, we specifically prefer surveys carried out as interviews with key users, instead of or in addition to classic questionnaires.
-
Social engineering audit
The most effective tool for assessing the security awareness of employees is a social engineering audit. During the audit, we test the users' security awareness in practice, as well as the effectiveness of the physical security measures and technological controls in place. Before carrying out the audit, we agree on its purpose and develop the audit scenarios together with our clients.
-
Security awareness training
Although the physical and technological controls available today make it harder for attackers to reach their goals, employee training should not be neglected. The risks posed by the human factor are most effectively reduced by expanding users' knowledge of information security and increasing their security awareness.
-
Security awareness campaigns
In addition to regular security awareness education and training, users should be reminded of the most important aspects of information security between these occasions as well. To maintain interest, we suggest organizing a year-round security awareness program or periodic campaigns (such as a security awareness month). During our campaigns, we always take the corporate culture and the company's image into consideration.
-
Information security expert training
We are launching an information security professional training portfolio: information security managers, those responsible for information security at their organization, expert colleagues, and anyone interested in the topic are all welcome. (Currently, our information security expert trainings are available in Hungarian only.)
-
Gamification methods, gamified solutions
Gamification methods are a new and popular addition to security awareness programs. The advantage of gamified elements is that they arouse employees' interest, so users do not experience security policies and training as a burden.