Expertise IT security
Information security or IT security is becoming increasingly important. By training everyone involved (IT and non-IT staff alike) and giving the subject more attention, a better level of security can be achieved with relatively little effort.
Why information security
Information security is important from three perspectives:
- To prevent direct damage. Companies and organizations offer more and more services online. To prevent abuse of those services, security must be in order.
- For privacy and data protection. All companies that process personal data are obliged to handle it properly and carefully.
- To prevent reputational damage. Anyone who does not have their security in order can end up negatively in the news and lose the trust of customers as a result.
For these reasons, IT security is high on the agenda of many organizations. ICT Institute helps in taking practical steps to improve.
Standards and knowledge
Softwarezaken has in-house experts on various security aspects who can assist you. We carry out security audits, provide security advice, assist companies in setting up an Information Security Management System (ISMS), and provide a security advisor or Security Officer ad interim. We also often answer research questions about security for IT Due Diligence assignments. Most of our employees are certified ISO 27001 lead auditors, and three of us currently fulfill the role of Data Protection Officer. More about this role and what we can do for you in the field of privacy can be found on our privacy expertise page.
There is a lot of openly available knowledge about best practices in the field of IT security. It is important that these practices are used more widely in companies, so that work is done transparently and with up-to-date knowledge. Important resources include the following:
- Security Verified: an information security standard that can be used to demonstrate that an information security system is in place. The standard has been set up as openly as possible, with open criteria and a register.
- A summary of ISO 27001 and a summary of ISO 27002 items in parts one, two, three and four.
- Healthcare-specific standards such as NEN 7510, or NTA 7516 on secure emailing in healthcare
- The industry best practices OWASP Top 10, SANS Top 25 and CVE lists
- The free website and email security tools from internet.nl and SSLLabs
- Information on the General Data Protection Regulation, including data protection officer, the data breach reporting obligation, and the conclusion of processing agreements
An overview in article form can be found here.
We also help organizations to take technical steps, and therefore regularly publish articles and templates on our websites. Dutch articles are published on www.softwarezaken.nl, and English articles on this site. Below is a categorised overview of some relevant security articles and various free templates from Security Verified that you can use.
- Getting started with information security
- A simple way to do risk management
- Template and explanation of incident register
- Asset inventory and how to set up / maintain one
- Overview of required documentation for ISO 27001
- Access management: an introduction
- ISO 31000 in relation to ISO 27001
- Comparison of BIO vs ISO 27001 (NL)
- How to secure your domain (NL)
- Checklist for an information security audit
- Ransomware in healthcare
- CISSP body of knowledge study template
- Information security – cryptographic controls policy example