Information security external manager
We offer the services of the information security external manager
The purpose of the service is to provide services of an external manager of information security.
The main task of the external manager of information security is to establish, maintain, monitor, review and improve the required level of information security management in the organization.
The external manager will proceed in accordance with the security project.
Why use the service of the information security external manager?
- Saving the cost of an internal information security specialist;
- Expert, impartial external consultation on issues of information security and security measures;
- Impartial expert assessment of the protection of information in the organization;
- Experience in the implementation of information security management systems;
- A view of information security management from a different perspective;
- Professionally developed documentation.
Scope of activities:
- Conducting an analysis of information system risks;
- Proposing a document of security policy;
- Proposing the review of the document of security policy;
- Ensuring familiarization of authorized persons with security measures;
- Raising awareness of information security and organizing training;
- Keeping an inventory list of assets;
- Proposing technical, personnel, and organizational security measures;
- Introducing technical, personnel, and organizational security measures;
- Monitoring of the effectiveness and adequacy of security measures;
- Proposing corrections of security measures;
- Participating in defining requirements for planning and management of information security continuity;
- Carrying out audits of suppliers;
- Monitoring the level of services provided by suppliers.
Defining and documenting:
- Roles and responsibilities for information security in the organization;
- Levels of authorizations;
- Rules for acceptable use of assets;
- Guidelines for the classification and labelling of assets;
- Policies for access control;
- Policies for the proper and effective use of cryptography;
- Requirements for physical security and security of the environment;
- Operating procedures for safe operation;
- Procedures for change management;
- Capacity management;
- Measures against malicious software;
- Rules for backup;
- Requirements for data recording and monitoring;
- Rules for communication security;
- Requirements for agreements on confidentiality or secrecy and exchange of information;
- Security requirements for information systems;
- Security architecture of systems;
- Rules and principles for a secure development of systems;
- Principles for system security testing;
- Information security policy regarding relationships with suppliers;
- Security requirements for contracts with suppliers;
- Responsibilities and procedures for managing incidents.
Our company has been actively working in the field of information technologies
Our experience, knowledge and ongoing activity in the field of information technologies enable us to carry out the security analysis and IT system project competently.
Compliance of the outputs with the intra-company guidelines and processes
Examination of the existing documentation (English) and adaptation of our outputs to the existing guidelines and organisation processes already implemented.
Stability of the company
Continuity of our activity: our company has been working in the field for more than 14 years.
Person responsible for qualified consulting
Ing. Daniel Bednárik, education: Faculty of Applied Informatics, Tomas Bata University in Zlín, field of study: Engineering Informatics, Security Technologies.
Internationally accepted and accredited CISM certificate of the ISACA organisation
The CISM (Certified Information Security Manager) certificate is intended for experienced information security managers and is designed to assure executive management that its holders have the knowledge and skills required to perform efficient security management.
The list of ISACA Slovakia certificate holders (www link).
Certificate of internationally accredited training IRCA, ISO 27001
Ing. Daniel Bednárik completed internationally accredited training for external auditors/lead auditors for ISO 27001. The accreditation is covered by IRCA (International Register of Certified Auditors). IRCA Certificate No.: 27416.
Qualified independent auditor of the Regulatory Authority for Electronic Communications and Postal Services
Our company is included in the list of qualified independent auditors for performing security audits in a company providing public electronic communication services.
The list is published on the Regulatory Authority’s website (www link).
Liability insurance for damage caused when providing services in the field of information technology security, in the following extent: EUR 100,000 (Colonnade Insurance S.A.).