
Security Governance Consulting

ISMS (ISO 27001), S-SDLC, DevSecOps, built-in security & privacy (GDPR), GRC, Virtual CISO (vCISO)

Our main consulting service encompasses all aspects of cyber security and security governance. These services help you gain control over your information security requirements and risk.

Information Security Management Systems (ISMS)

An Information Security Management System (ISMS) based on ISO/IEC 27001 is one of the main deliveries of a Chief Information Security Officer (CISO) or a Security Governance function. It is typically a document structure that communicates a company’s security requirements to the organization itself and to its partners and customers, or that ensures the products it makes follow the necessary security and privacy requirements.

Requirements are often selected based on the company’s risk appetite, its strategy, tone-at-the-top, its regulatory requirements, its contractual obligations, customer expectations and the standards expected in the market. Therefore, cyber security governance, risk and compliance (GRC) is key. A well-built ISMS can both comply with requirements and simplify them for the employees who look to them. An integral part of an ISMS is therefore the employee security training program.

Our Philosophy 

is that the security function does the “heavy lifting”, so the ISMS is as stress-free as possible for the organization.

Our Goal

is to make an ISMS that is compliant, but that also helps the company be future-ready and supports the company’s strategy without being overwhelming.

How?

We do this by getting to know your company’s strategy, its risk appetite, regulatory requirements and company culture to make a good fit for your needs and budget. Based on this and our own experience building such programs in practice, we help you build a program that works for you.

Example key deliveries:

Virtual CISO (vCISO) services

ISMS

Security Governance

Risk assessments

Threat updates

Security training

Secure Software Development LifeCycle (S-SDLC) and DevSecOps

Companies that produce products and services based on development and source code need to have built-in security & privacy. This is essential both from a regulatory point of view and to keep their customers’ trust. The key drivers here are the requirements set by national privacy laws, but also GDPR requirements. The challenge for companies, developers, team leaders and Chief Technology Officers (CTOs) is creating a living process that follows best practices. All the while, you need to ensure that your software and services are ready to handle and detect cyber-attacks and to handle information security incidents.

Our Philosophy 

is that we adapt the process to your existing development process, regardless of whether you choose DevSecOps, S-SDLC or have your own process. We enable each development team to implement small but important key activities based on risk assessments, to get a continual improvement loop up and running for the teams.

Our Goal

is to make a process that is compliant, but that also helps the company be future-ready and supports the company’s strategy without being overwhelming. We do this by getting to know your company’s strategy, its risk appetite, regulatory requirements and company culture to make a good fit for your needs and budget.

How?

We do this by following best practice material such as “The Norwegian Data Protection Authority’s – Software development with Data Protection by Design and by Default”, Microsoft’s SDL and our own experience building such programs in practice.

Example key deliveries:

DevSecOps

S-SDLC

Built-in security and privacy

Security incident management

Security incident response
