The effective management of information security in an organization or enterprise encompasses all organizational and operational processes and participants relevant to information security. Information security should be an ongoing process which, when fully developed, will position an organization to address the right security issues so that the business fulfils its objectives.
An Information Security Management Framework is a combination of well-defined policies, procedures, standards & guidelines required to establish the required level of information security.
INNOVA's offering regarding the Information Security Management Framework comprises the following services:
Information Security Management System (ISMS) implementation
Three options of ISMS implementation are available in order to provide organizations with the extent & depth of documentation required. The service covers design and implementation of the information security framework, which includes the required policies & guidelines, as well as the control requirements adequate to enforce the required level of information security throughout the organization.
Organizations are provided with three (3) options for ISMS development. Each alternative reflects different information security needs and budgets.
Basic: Development of the Security policy and all the required high-level policies for an organization in order to establish a framework for information security management.
Standard: Development of all policies & general purpose standards required for an information security management system. All requirements for ISO27001 compliance are fully satisfied by this implementation.
Advanced: Development of all required policies, technical & general purpose standards as well as procedures in order to establish a complete information security management framework.
ISMS Deliverables
Security policy
Security Organization - Roles & Responsibilities
Assets Classification
Principles & Standards
Security Procedures
Security Metrics
Business Continuity Plan (BCP) / Disaster Recovery Plan (DRP) Services
A business continuity plan allows an organization to react to a situation in an efficient, timely manner and recover critical business processes within established timeframes.
Disaster recovery planning is a process of preparation for the replacement of information systems following a disaster.
INNOVA provides all required policies, guidelines & procedures in order to assist organizations in carrying out business operations following a disaster or any other interruption of essential services.
Certification / Compliance consulting
The service assists organizations in achieving compliance with statutory and regulatory requirements as well as being compliant with the required security standards.
INNOVA consultants implement the required documentation for regulatory or security standard compliance.
Furthermore, we produce a compliance / certification road map and a detailed project plan for implementing information security requirements and best practices in the organization.
The service includes ISO27001 certification, European Union/Local Data Protection Directive compliance, Data retention compliance, Banking & Financial statutory requirements compliance.
Compliance Deliverables
Implementation of the required documentation for compliance
Compliance Road-Map
Detailed project plan for requirements
Awareness & Training Services
Information Security Awareness program design and execution. This service assists organizations in transforming their employees into the most effective security control by:
Raising awareness regarding the need for information security at all personnel levels
Raising end users' awareness regarding the benefits of working within the security architecture
In the context of the service, INNOVA also provides:
End-user training on identification of intrusion signs & response procedures
IT personnel training for emerging threats to systems and networks
Benefits for the Customer
Development of a comprehensive & verifiable information security management strategy
Organizational infrastructure & related data protection activities are addressed
Information Security effectively transformed into a proactive activity
Ensure compliance with existing and future information infrastructure-related regulations
Information security framework aligned with business objectives
Alignment with leading industry practices and methods