(SOS)

Introduction

In our consultations with customers of our security compliance management applications we have made the following observations:

  • Companies often have ( given the growth of the security tasks ) too little security expertise.
  • An increasing number of regulations require companies to prove, using structured documentation that they are "in control" of the security of their ICT systems
  • Regulators such as DNB require companies to provide reports that meet their standards and are irrefutable and consistent ;
    • Many of the companies have already taken action , but the reports are completed in an ad-hoc fashion
    • The reports are often made using home-spun software and may make demands on the knowledge and skills of the companies own staff.
    • The knowledge and skills needed to answer the questions of Regulators is not structurally embedded in the organization .
  • Companies need temporary support from security experts to quickly and thoroughly define a security compliance framework, to test and implement the framework and to interpret the ever -growing security and compliance requirements.

To answer these requirements SRC Secure Solutions Security Officer Service has implemented the Security Officer Service. This service will be provided by security managers, led by an experienced certified security manager with at least 15 years experience (including several Dutch financial institutions) and is CISSP & ISSMP certified.

Security Officer Services

The service consists of the following Security Officer Services :

  • Consultancy in the implementation of a Risk Control Frameworks
  • CISO Backup & Support on Demand
  • CISO Coaching

We will agree on an offer for any of the services or a mix of services depending on the requirements

Consultancy for the implementation of Risk Controls Framework

Our experts provide practical support and advice in IT security , compliance and certification issues. For example :

  • Standards : ISO 27001 , COBIT , ITIL
  • Regulatory : WBP , Sox , JSOX , HIPPA
  • Supervisors : DNB , AFM , Audit departments , annual audit reports
  • Government : VIR , VIR - BI , BIR
  • Healthcare : WGBO , NEN7510 , NEN7511 , NEN7512
  • Development: EU Data Protection Directive 95/46/EC , General Data Protection Regulation (GDPR )
  • Outsourcing: SAS 70 , ISAE 3402

Our Senior Security Risk & Compliance Manager is an authority in this field and has developed an IT Risk Control Framework ( RCF ) for a large financial institution and successfully implemented in 15 countries for 31 business lines . This has resulted in significant efficiency and cost reduction in IT compliance. We have developed our own "SMART © COBIT Compliance Methodology" which is used as a guide in our projects.

CISO Backup and Support on Demand

Our experts provide practical hands -on assistance and support to the Corporate Information Security Officer ( CISO ) and can help out in case of emergency or during busy periods.

This service provides a Flex Security Officer who will be integrated into your organization, working part-time and can be used as a backup or support of the CISO. Hours are flexible ( 0.1to 1 FTE ) and will be discussed,

Examples :

  • Reduce " Key - man exposure" risk CISO
  • Replacement during illness , vacations , etc.
  • Assistance with major incidents
  • Assistance with peak in workload CISO , through projects , regulatory , audit , supervisory etc. .

The service consists of four phases:

 Intake : Your requirements , scope and mandate provision

  1. Introduction period : The Flex Security Officer is introduced to the company and will work intensively for a short period to orientate him/herself to the security environment.
  2. Standby and support: The Flex security officer is present on a weekly basis for standby and support.
  3. Backup & Support: The Flex security officer is on a call-out basis for additional consultation and to relieve the CISO of core duties.

Consultancy for the CISO coaching

Our Senior Security Risk & Compliance Managers will:

  • Function as a sparring partner and to brainstorm with the CISO , etc.
  • Discuss strategy, tactical and operational issues with the CISO
  • Guide, train and mentor your junior CISOs, security officers and trainees

If you are interested in discussing our SOS services please use the contact form or call us on +31 20 5036001