CISO advisory services

NRD Cyber Security provides completely customisable support to the Chief Information Security Officer (CISO). Our certified and highly skilled experts with appropriate practical experience, apply proven methods to help you mature your security domain.

Our Process

Advisory services for IT security are organised in four pillars:

Security governance

We help to establishment and maintain a security governance framework with supporting processes to ensure that the organisation’s security strategy is aligned with organisational goals. It includes security alignment with corporate governance as well as the establishment, review, and support of security policies, and the development of business cases to support security investments. It also includes the selection, establishment, and measuring of key performance indicators to provide management and stakeholders with accurate and valuable information regarding the effectiveness of the security strategy.

Risk management

We help you identify and manage security risks to an acceptable level. We do so by utilising the best international practices laid out in ISO and NIST standards and guidelines. Our process includes, but are not limited to:

  • Establishment of effective and repeatable risk management processes
  • Identification of assets
  • Classification
  • Business Impact Analysis (BIA)
  • Identification of threats, vulnerabilities, risks, impact, and likelihood
  • Selection of appropriate security controls, calculating residual risk, and reporting

Security program development and management

The development and maintenance of an effective cyber resilience program that will protect the organisation’s digital assets. It includes assessing the context, risks, compliance, obligatory contractual requirements, and the alignment to information security strategy and business goals. The security program implementation activities result in security standards, guidelines, procedures, awareness initiatives, training, security components being integrated into processes and procedures which include the necessary requirements for contracts and third-party activities.

Security incident management

The planning, establishing, and managing the organisation’s capabilities to detect, manage, respond to and recover from security incidents, is achieved by establishing integrated incident management services and processes in the form of a Computer Security Incident Response Team (CSIRT) / Security Operation Centre (SOC) or managed services, e. g. CyberSOC, supported with the detection capacities and capabilities, standard operating procedures, and all necessary integrations into the organisation’s processes.

Benefits

  • A measured and sustainable increase of organisational cyber resilience tailored to the organisation’s strategy, mission, and goals (context and specific needs).
  • Security component integration as an integral part of the organisation’s business processes.
  • Structured, clear, measured, and business oriented internal/outsourced security services.
  • Practical and effective security controls backed by experience and best international practices.
Icon
Paulius Daukšas
Cybersecurity consultant

For more information, please contact
Email: pd@nrdcs.lt
Tel.: +370 680 18 058

Let's get in touch