ADVISORY SERVICES
CRITICAL INFRASTRUCTURE PROTECTION STRATEGY DEVELOPMENT
Without a strategy it is complicated to build a successful critical infrastructure protection system. It’s important to set goals and define how to achieve them. The following should be defined: roles of different stakeholders, areas to protect, resources needed, current situation, what we want to achieve etc. We help to develop critical infrastructure protection strategies and implementation plans.
CRITICAL INFRASTRUCTURE MAPPING
What is critical infrastructure in your country? Why is it considered critical? Is your company critical infrastructure service provider? What is critical infrastructure in your company? What assets are needed for providing critical infrastructure services? We support mentioned activities at the country level, sector level or critical service provider organization level.
CRITICAL INFRASTRUCTURE CONSEQUENSIS ANALYSIS
What are the consequences of interruptions in one critical service? How one service interruption impacts other critical services? What are the consequences caused by the interruptions in several critical services? How much critical service providers depend on third party service providers?
CRITICAL INFORMATION INFRASTRUCTURE RISK ANALYSIS
What are the risks related to providing critical infrastructure services? How vulnerable is critical infrastructure? What are the threats? What are the existing safeguards? What are the vulnerabilities, which can be exploited by threats to cause harm to critical infrastructure assets? What is the likelihood and consequence of different risks?
CRITICAL INFORMATION INFRASTRUCTURE SAFEGUARDS’ DEVELOPMENT AND IMPLEMENTATION
Which safeguards should be implemented for infrastructure protection? Which is the acceptable protection level? How to choose safeguards for implementation? What are the roles of different parties in developing safeguards and what are their roles during the implementation? Which risks are acceptable?
For more information, please contact us: info@ciipunit.com
AUDIT SERVICES
CRITICAL INFRASTRUCTURE IT AUDIT
The importance of IT has increased significantly in most organizations that provide critical infrastructure services. It is difficult to find critical service, which is not dependent on information systems. A failure or disruption to the functioning of information systems often disrupts, disturbs or threatens the providing of critical service. The cause of disruptions is not always cyber attack, but can also be technical failure, organizational shortcoming or human error.
Critical infrastructure IT audit provides feedback, assurance and recommendations about the functioning of information systems and their ability to support the provision of critical services.
CRITICAL INFRASTRUCTURE IT SECURITY AUDIT
Critical Infrastructure has already been target for cyber-attacks for several years. The number of attacks and loss from these attacks is growing.
How well are your systems protected? What are the vulnerabilities? What happens, when the information systems get under cyber attack? How does your organization respond to cyber-attacks? How do you behave during cyber-attacks? Are you able to detect cyber-attacks?
Critical infrastructure IT Security audit provides feedback, assurance and recommendations about the status of information systems’ security.
CRITICAL INFRASTRUCTURE ISO27001 AUDIT
ISO/IEC 27001:2013 (Information technology — Security techniques — Information security management systems — Requirements) - standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. ISO 27001 requirements are generic and these are also applicable to critical infrastructure service providers. ISO 27001 standard also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.
During the audit our auditors assess, whether the organization conforms to the requirements of ISO 27001 standard and whether the organization continually operates in accordance with the specified policies, procedures and external requirements.
For more information, please contact us: info@ciipunit.com