Cyber Security Assessments

Understand where you are and fast track the right improvements.

At Astra Consulting we have developed our Cyber Security Controls Framework, consisting of 15 domains that cover the governance, organizational and technical security requirements that make for a good cyber security setup in the workplace. These controls are not new, but they are grouped into coherent domains that reflect modern threats and the actual causes of incidents, providing a pragmatic model for implementing a strategic response to cyber risk.

Using our Framework we assess the key aspects of security risk to your information, systems and infrastructure in order to provide you with a swift analysis of your cyber security maturity, rate your existing cyber security controls and help you shape your information security program.

Like all Astra Consulting services, this is based on many years’ knowledge and experience gained from protecting organizations of all shapes and sizes to help you focus on the real risk areas. It’s simple to implement, and ensures you get the most out of your security investment.

The framework is made up of controls underpinning the requirement for each domain. The individual controls are assessed to provide a maturity score for the domain, together with accelerated remediation plans to meet your desired levels of maturity. The output of our assessments is a report consisting of an executive summary showing the overall maturity of your organization and the key improvement actions to take, followed by detailed domain-level findings and an improvement roadmap.

The controls are mapped to common industry standards and frameworks to support external compliance activities where appropriate and measure cyber security compliance.

We have extensive experience in performing cyber security assessments to ensure you have effective information security controls in place and that you comply with relevant standards and regulatory requirements:

  • Performing detailed information security measurement and tailored reviews of specific areas such as data loss, infrastructure security components and physical security to ensure that the processes and controls in place are effective at mitigating security risks
  • Assessing your level of compliance against the 12 requirements of the Payment Card Industry Data Security Standard (PCI DSS) to support you in completing your Self-Assessment Questionnaire (SAQ) or to prepare for an external audit by a Qualified Security Assessor (QSA)
  • Performing audits of critical third parties and suppliers who store and process your data to provide assurance that they meet both your security requirements and the contractual obligations in place
  • Assessing software security maturity using the OWASP Software Assurance Maturity Model, to ensure that, at every point in its lifecycle, your software is free from security vulnerabilities that could lead to service or information compromise

ISO 27001 and ISO 27701

ISO 27001 is an internationally recognized and widely adopted standard for information security. It takes a risk-based approach to securing an organization’s most valuable information – whether that’s in digital or physical form.

ISO 27001 helps you manage risks to your business from accidental or deliberate misuse of confidential information. Above all, complying with ISO 27001 provides you with a best practice framework for managing information security. Unlike self-regulated standards, being certified to ISO 27001 involves having an independent verification, at least once a year, that you control security appropriately.

ISO/IEC 27701:2019 is a privacy extension to ISO/IEC 27001, and organizations that are already certified to ISO 27001 are now able to certify to ISO 27701 as well. The idea behind this extension is to enhance the existing Information Security Management System (ISMS) with additional requirements in order to establish, implement, maintain and continually improve a Privacy Information Management System (PIMS).

At Astra Consulting, we help clients implement ISO 27001 and ISO 27701 efficiently and effectively, whether they are looking to achieve full certification or just wishing to align with ISO 27001. We have specialist consultants ready to guide your organization towards certification.

This service can be carried out remotely.

The Benefits of ISO 27001 (incorporating ISO 27701):

  • Manage your IT security risk
  • Keep confidential data secure
  • Improve your business processes
  • Meet third-party risk assessments
  • Comply with regulations
  • Protect your organization’s reputation

The Challenge

Any organization that has confidential information they need to protect such as customer data, payroll information, financial data or intellectual property should consider aligning with or getting fully certified to ISO 27001. There may also be some external reasons why you need to become certified. Some organizations may be subject to regulations such as GDPR or the EU NIS directive; ISO 27001 can help you demonstrate compliance. Additionally, you may have to show that you follow best practice information security to become an approved supplier to a larger enterprise. It may also help reduce your cyber insurance premiums.

GDPR

Data Protection Consulting – GDPR Implementation

As highly experienced consultants, we support you to effectively implement the legal requirements for data protection. As part of data protection audits, we collect information about the existing data processing as well as the technical and organizational security measures (TOM) within your company.

Our audits build the basis for all further data protection activities. We offer you the implementation of the following modules for data protection:

  • Data Protection & IT Policies
  • Data Protection Impact Assessments
  • Data Protection Concepts
  • Data Protection Training
  • Data Protection Processes

In the course of our comprehensive consultancy, we give you specific hints and recommendations for the implementation of additional technical and organizational measures. In this way, you achieve a GDPR- and data-protection-compliant integration of your data processing.

Implementing Data Protection Measures brings Advantages to You.

As part of our consultation, we establish for you a powerful Data Protection Management System (DSMS) with a high degree of security. Based on the data protection requirements, we help you to implement the necessary concepts and processes.

You increase your competitiveness on the market compared to others, as you provide secure data applications (“privacy by design”). Through the implementation of data protection concepts, you preventively reduce the risks associated with storing and processing personal data. By following established processes, you ensure compliance with legal deadlines and are able to act quickly in the event of a data breach.