Security implementation

Security implementation entails the comprehensive installation of a system for managing information security at the customer's organisation. The process includes an analysis of the company's current security situation.

Looking beyond administrative measures (in the form of security documentation), the focus is on comprehensively rolling out technical and organisational measures adapted to the customer’s corporate culture. Customers can take their pick of services guaranteeing the implementation of an information security management system complying with the requirements of ISO/IEC 27001, cybersecurity consistent with relevant legislation, and/or the preparation of their information system for certification up to the “Secret” classification level.

The target customer groups are state administration institutions, large and medium-sized companies, and anyone bidding for government contracts.

Information security management system at an organisation

An information security management system is implemented at an organisation by applying procedural and technological measures complying with the requirements of ČSN ISO/IEC 27001. The overarching objective is to devise a system for the efficient establishment, integration, operation, monitoring, review, maintenance and improvement of the information security system at an organisation. It consists of sets of security policies, procedures, directives and relevant resources and activities managed by the organisation to safeguard the protection of assets.

Service parameters

  • analysis of the current information security situation
  • recommendation of the scope to be covered by security policy
  • planning and introduction of arrangements for the organisation of information security
  • risk analysis, including the creation of a risk register
  • draft statement of applicability
  • drafting and implementation of technical measures
  • drafting of relevant security documentation
  • optional arrangements for full compliance with ČSN ISO/IEC 27001
  • consultation arrangements

Key benefits

  • enhanced credibility
  • efficient management of security incidents

Cybersecurity Act

The Cybersecurity Act governs the rights and obligations of natural and legal persons, the competence and authority of public authorities, and their cooperation with each other in the domain of cybersecurity. The service makes sure that cybersecurity at an organisation is consistent with the law. It entails the drafting and implementation of organisational and technical measures. Organisational measures mainly comprise risk management and a definition of the procedural security documentation. Technical measures, on the other hand, concentrate on physical, communication and information security.

Service parameters

  • analysis of the current situation
  • recommendation of the scope of application
  • the drafting of security policy
  • draft methodology for asset and risk identification and appraisal
  • the drafting of an evaluation report
  • draft statement of applicability
  • draft risk management plan
  • draft security awareness development plan
  • proposal for the management of cybersecurity incidents
  • draft strategy for business continuity management
  • drafting and implementation of the requisite technical measures

Key benefits

  • guarantee of compliance with the Cybersecurity Act at the organisation
  • experienced team of security experts

Act on the Protection of Classified Information

The Act on the Protection of Classified Information governs principles for defining classified information, conditions of access to it, and other requirements for its protection. It also regulates principles for determining sensitive activities and the conditions for performing them. The main objective of the service is to prepare the customer's information system for certification so that information up to the "Secret" classification level can be processed. Under the service, design and operational documentation is drafted and technical measures are planned and implemented.

Service parameters

  • drafting of security policy and the outcome of the risk analysis
  • recommendation of information system security
  • drafting of a set of information system security tests, a description thereof, and a description of the results of testing
  • drafting of operational security documentation for the information system
  • draft description of the security of the development environment
  • production of a physical security project
  • drafting and implementation of technical measures
  • consultation arrangements

Key benefits

  • complete preparation of the information system for certification
  • possibility of processing classified information up to and including the “Secret” level