NRD Cyber Security provides completely customisable support to the Chief Information Security Officer (CISO). Our certified and highly skilled experts, with appropriate practical experience, apply proven methods to help you mature your security domain.
Advisory services for IT security are organised in four pillars:
We help to establish and maintain a security governance framework with supporting processes to ensure that the organisation’s security strategy is aligned with organisational goals. It includes security alignment with corporate governance as well as the establishment, review, and support of security policies, and the development of business cases to support security investments. It also includes the selection, establishment, and measuring of key performance indicators to provide management and stakeholders with accurate and valuable information regarding the effectiveness of the security strategy.
We help you identify and manage security risks to an acceptable level. We do so by utilising the best international practices laid out in ISO and NIST standards and guidelines. Our process includes, but is not limited to:
Security program development and management
The development and maintenance of an effective cyber resilience program that will protect the organisation’s digital assets. It includes assessing the context, risks, compliance, obligatory contractual requirements, and the alignment to information security strategy and business goals. The security program implementation activities result in security standards, guidelines, procedures, awareness initiatives, training, and security components being integrated into processes and procedures, which include the necessary requirements for contracts and third-party activities.
Security incident management
The planning, establishing, and managing of the organisation’s capabilities to detect, manage, respond to and recover from security incidents is achieved by establishing integrated incident management services and processes in the form of a Computer Security Incident Response Team (CSIRT) / Security Operation Centre (SOC) or managed services, e.g. CyberSOC, supported with the detection capacities and capabilities, standard operating procedures, and all necessary integrations into the organisation’s processes.