Expertise IT security

Information security or IT security is becoming increasingly important. By training everyone involved (IT and non-IT) and paying more attention, a better level of security can easily be achieved.

Why information security

Information security has three main aims:

• To prevent direct damage. Companies and organisations offer more and more services online. In order to prevent abuse, security must be in order.
• From privacy and data protection. All companies that process personal data are obliged to handle it properly and carefully.
• To prevent reputation damage. Anyone who does not have their security in order can face negative press and lose the trust of customers.

For these reasons, IT security is high on the agenda for many organisations. ICT Institute helps in taking practical steps to improve.

Standards and knowledge

ICT Institute has in-house experts on various security aspects who can assist you. We carry out security audits, provide security advice, assist companies in setting up an Information Security Management System (ISMS), and provide a security advisor or Security Officer ad interim. We also often answer research questions about security for IT Due Diligence assignments. Most of our employees are certified ISO 27001 lead auditors, and three of us currently fulfil the role of Data Protection Officer. More about this role and what we can do for you in the field of privacy can be found on our privacy expertise page.

There is a lot of open available knowledge about best practice in the field of IT security. It is important that these practices are used in companies so that work is done transparently and with up-to-date knowledge. You may find these resources helpful:

• Security Verified: an information security standard that can be used to demonstrate that an information security system is in place. The standard has been set up to be as transparent as possible, with open criteria and a register.
• A summary of ISO 27001 and a summary of ISO 27002 items in parts one, two, three and four.
• Dutch healthcare-specific standards such as NEN 7510 or NTA 7516 on secure emailing in healthcare
• The industry best-practices OWASP top 10, SANS top 25 and CVE lijsten
• The free website and email security tools from internet.nl en SSLLabs.
• Information on the General Data Protection Regulation, including data protection officer, the data breach reporting obligation, and the conclusion of processing agreements

An overview in article can be found here.

Security articles

We also help organisations take technical steps, and regularly publish articles and templates on our websites. Dutch articles are published on www.softwarezaken.nl, and English articles on this site. Below is a categorised overview of some relevant security articles and various free templates from Security Verified.

ISMS

• Getting started with information security
• A simple way to do risk management
• Template and explanation of incident register
• Asset inventory and how to set-up / maintain one
• Overview of required documenation of ISO27001
• Access management: an introduction

Blogposts

• What’s new in ISO 27002:2022?
• OWASP top 10 web app risks 2021
• How to improve your website security
• ISO 31000 in relation to ISO 27001
• Ransomware in healthcare

For the most recent overview of all our security-articles, follow blog > security or click here. For Dutch articles, follow this link or visit softwarezaken.nl/nieuws-en-blog.