Our comprehensive 6-step information security program provides a well thought-through incremental improvement method that helps organizations move towards a higher level of information security.

We provide the consultancy support and tools needed and in six orderly and well-defined steps guide our clients towards achieving an independently operating security status without the need for external support.

Step-1: Quick Scan, Risk Analysis or Audit

Various consultancy services can be used to determine the status of the existing information security system and come to an informed decision about the measures needed to secure your organization. These services range from a quick scan to a comprehensive risk analysis – using InfoSecure’s risk assessment tool – or audit.

Step-2: Management Commitment

Using the results and realistic examples from their own organization obtained through the analysis done in step one, it is easy to convince management of the value and necessity of effective information security and gain their commitment for improving security management. Ultimately, the role of management is crucial because their commitment and decisions determine which information security measures become effective within the organization.

Step-3: Security Plan

Once the measures required for improving security management in your organization have been identified and selected, the next step requires translation in terms of priorities and timelines. To increase short-term gains we look for quick wins that create visible improvements that mitigate the biggest risks in an organization. Over the longer term we work on creating a best practice security organization that meets international standards such as ISO/IEC 27001 and complies with legislation and can demonstrate to supply chain, business partners and central government that risks are properly managed.

Step-4: Organisation, Policy, Guidelines

This involves the creation of an effective information security organization that has the commitment and support of senior management and includes an information security policy statement that comes with guidelines and specified procedures – all consolidated into a security manual. This indicates the roles and responsibilities of all employees and the guidelines they have to follow.

Step-5: Awareness Training

Security Awareness Training is essential to make sure all employees are aware of their roles and responsibilities and ensure ongoing implementation of the security policy and guidelines to mitigate security risks. Training can be provided through workshops and e-learning modules customised for specific target groups. Nearly 6 million employees already followed our awareness programs in 90 countries using one or more of 30 available languages.

Step-6: Progress & Compliance

We believe ongoing measurement of progress and tracking compliance is essential for maintaining maximum information security. This is why our consultancy services provide ongoing support through an inbuilt progress-measuring tool that helps clients to establish key performance indicators, assess incidents, verify logbooks and carry out random checks.