Services / Information security

Information security services

When working with companies that are active in the information security field we always start with the profitability and functionality requirements of the organisation – right level of security on the basis of the operational requirements of the company. We work with acknowledged standards in combination with our own methodology.

Information security policy

The best way to achieve a high level of information security is to use a structured approach with consideration to the specific security requirements of the company.

We will help you establish a policy, the content, and scoop of it, for example:
  • Establish goals with the security work – how much security do I need
  • Connections to underlying guidelines and regulations such as e-mail, physical security etc.
  • An organisation for the security work and the distribution of the responsibility
In the process of establishing an information security policy a lot of work is used for preparing a plan of how the policy will be established and maintained in the company. We can also help you with reviewing existing policies in order to estimate the topicality. It is of great importance to regularly inspect that a policy is being used and followed. The management of the company uses the information security police as an instrument to in an obvious way state direction and show their commitment for information security. The policy should be seen as a compliment to the business plan and it should also express the company’s desire to work in a well controlled and secure way.

Threat/Risk analysis

Insufficient security measures and routines can cause incidents, while excessive security is unnecessarily expensive and time consuming. The threat and risk analysis aim to estimate the possibilities that something damaging will happened to the company. The aim is also to reduce the possible consequences of these damaging occurrences.

A risk analysis enables wise investment decisions and guarantees that the business requirements of a company are fulfilled.

In a threat/-risk analysis we will help you identify the critical assets of the company. These can be information, servers, and personnel. It is important to find the balance between the operation and the security measures, i.e. to balance the expenses for introducing a measure against the expenses if something would occur. A well preformed risk analysis underlies the prioritizing of the allocation of the resources and the design of security measures.

Management system for information security - LIS (ISO 17799)

The comprehensive aim of introducing an information security management system is to control the information security in the company. We will help you to introduce LIS (Abbreviation in Swedish for “Ledningssystem för Informationssäkerhet”), or parts of LIS, on the basis of your operational needs, security requirements, size, and structure.

Here are some examples what we can do for you:
  • Plan the introduction of LIS
  • Define the scope of a LIS project, the size, and what part of the organization that will be affected
  • Implement a risk analysis
  • Increase the security awareness in the company
  • Classify the assets due to security
  • Control the communication and accessibility
Continuous planning

The aim with a continuous plan is to secure that the operations will proceed as usual even if an incident occurs. This kind of planning concerns reserve procedures and restoring procedures. The critical processes in the company should not be affected and the consequences should be minimized.

We will help you to:
  • Introduce processes of the continuous planning
  • Analyse the consequences if a catastrophe, incident, or interruption occur
  • Evaluate, test, and maintain existing continuous plans
  • Introduce routines for managing incidents