Recurring Information Security Services

Security Policies, Standards, Guidelines and Procedures:

A Security Policy provides a company-wide, high-level description of the regulations and controls required to protect data and transactions. It is worked out by a policy development team with the objective of reducing the assessed risks and defining rules, roles and responsibilities for all information security issues. It also includes processes to be implemented in order to establish the defined levels of protection, including a process to review and improve this level methodically.

Experienced S&T consultants as mentors can guide and advise the policy development team by providing structured agendas and sessions, documenting the outcome of the workshops and finally performing a joint review of the draft version with the team and management, before it is published within the organisation.

To keep this primary document clear and brief, additional definitions and explanations about the regulations in the policy are worked out with support and input from S&T consultants, who describe "how to". Finally, detailed amendments for processes and standards complete these top-down documents.

Information Security Awareness & Training:

Education & Awareness:

People are the most critical part of an organisation's security. More than 60% of security breaches are caused by people. Efforts in raising security awareness and security education will significantly lower the number of information security incidents.
Our training offer covers users as well as experts:

First, S&T Information Security Consulting develops corporate information security awareness programmes and performs the complete rollout.

Second, focussed workshops on security related subjects for the experts in the Information Security team keep them updated on the leading edge of strategies and aligned methodologies.

Vulnerability & Penetration Testing:

A penetration test actively evaluates the security measures that protect your information assets. There are a number of ways that this can be undertaken; the most common procedure is that the security measures are actively analysed for design weakness, technical flaws and vulnerabilities.

Read more: Penetrationtest

Information System Auditing:

Information systems audits are increasingly becoming an essential part of regular financial auditing for most organisations. Financial and government organisations in many countries are required by national bodies to perform information systems audits and report the results to authorities.

S&T's experienced Certified Information Systems Auditors (CISA) and ISMS Auditors (ISO 27001) develop complete audit strategies and audit methodologies for their clients and perform complete audits of various types in order to assure compliance with defined standards.