From Cyber Essentials and GDPR through to ISO27001, data security testing, audit preparation and information architecture, policy writing and implementation.
The world is becoming ever more digital, and as it does we find ourselves having to cope with an increasing number of potentially open doors. Imagine your home with a single door, no windows and a cellar. Placing your valuables in a safe located in a locked cellar, in a house with a single door that has a lock and a chain, is pretty strong security. However, add a back door, 8 windows and a loft hatch, and suddenly the convenience of natural light and quick access to the back garden has opened up multiple vulnerabilities, and your valuables aren't so safe any more!
It's as simple as that in the digital world too: a secure wired network becomes exposed if you add wifi, allow non-business internet traffic across it, add a few smart devices and don't keep your software up to date. The problem is increased further if you are a small business working from home or a larger business with home-based staff. Shared internet with the kids on the same network range could easily bring malware or, worse, ransomware onto your network and into your business. The thought of having your heating and lights controlled by your smartphone sounds fun, but if it is not isolated on your network, the IoT (Internet of Things) is the easiest way for a hacker to gain access to your valuable data.
As a certified Cyber Essentials business, Sophistec cares about Information Security in the Cyber world and can provide complimentary services to ensure you have the best chance of remaining safe.
As a baseline, all businesses should aim to comply with Cyber Essentials, the Government-established Cyber Security standard. It is surprisingly easy to obtain and maintain with guidance, direction and regular review.
Businesses that take payment via card should also be PCI DSS compliant and ensure that all inventory and services involved are scoped correctly, scanned and backed up with policies and procedures that are reviewed on a regular basis.
Sophistec consultants are Certified Information Systems Auditors accredited by ISACA (Information Systems Audit & Control Association).
Structure and framework are at the core of every secure, stable and scalable system. Information Security is no different, with Regulations, Acts and Standards needing to be interpreted then crafted into Policy, Procedures, Guidelines and Handbooks so that staff, suppliers and contractors meet your compliance needs.
Sophistec can craft these documents, undertake assessments and recommend controls that help you maintain control and retain your compliance standard across the entire organisation.
For information to be effective it needs to be controlled. Information overload is dangerous and can cause confusion, especially when the information needs to be regularly reviewed, updated and reissued.
Sophistec can undertake an information stream analysis, following information as it flows through the entire organisation, identify business-critical information and present it inside a controlled environment. Having brand publishing guidelines is obvious if you want to ensure consistency across all media, but most businesses miss the fact that this level of control is also important when publishing and sharing information.