Our approach
We take a consultative, non-intrusive approach. Our methodology is geared to meeting stakeholder expectations while making maximum use of the existing information and the teams in place. We are NOT competing with your existing integrator, nor are we aiming to redo work already done. Our objective is to provide you with an independent outside view of your security posture, assess your regulatory obligations under NIS2, draft a roadmap to get there and report on progress to stakeholders.
Assess
First, we want to give you good insight into the potential impact of a cyberattack. We want to fully understand your situation and map out the risks. Then, we discuss the findings so you get a full view of the dangers of cyberattacks and their effects on the organization. We identify the high-priority, critical areas and the associated impact: financial, operational and reputational.
Define
Our assessment approach is very pragmatic. We take into account not only technical risks, but also business security and regulatory risks, such as risks linked to NIS2 compliance and data breaches.
We benchmark your security and data privacy posture against standards such as ISO 27001, NIST, GDPR and NIS2. We don’t reinvent the wheel: we look at your existing documentation and how it can be improved.
Respond
While involving the existing IT team and integrator as much as possible, we define an action plan with key components that are scored in terms of cost and outcome, and prioritized accordingly.
Our approach is modular and discrete. We want to trigger some inflection points in the IT strategy towards safer operations.
We can provide security awareness training and we can assist with IT security policies, processes and procedures.