Are you sure your GDPR controls are adequate? Contact us for a review
CyberSecurity Governance is a fancy term for "how an organization manages and controls its CyberSecurity". It defines who's responsible & accountable for what, and provides the required oversight to ensure that risks are identified and mitigated. The program consists of a set of processes, documents called "policies & procedures", and reporting (metrics/KPIs). We can help you build, refine, implement and/or review your CyberSecurity Governance program, and we prefer to use a standard methodology to do so (ISO 2700x). Sounds scary? Sounds overkill? That's understandable ... if you don't have a program yet. Don't worry, our approach is very pragmatic. We'll start by looking at your critical systems & processes first, and work our way up from there. Most of the things defined in the ISO standard are common sense really. In fact, you may already be doing some of the tasks today. In that case, we'll only formalize them in a document. That's it. Plain and simple.
Doing business is all about risk. CyberSecurity is a part of that, and managing it properly can be a true enabler to your business. Do you have a clear view on your IT and CyberSecurity risks? Do you fully understand the impact of those risks as well? Are you able to protect your business properly? The goal of CyberSecurity is to reduce CyberSecurity risks, allowing you to take/increase business risks in other areas of your company, for instance to create a competitive advantage over your competitors. On top of that, if you're doing business in Europe, then you should already be familiar with GDPR. The General Data Protection Regulation requires you to have certain controls & processes to protect personal data. When things go wrong, the fines can be severe, especially if you were not really following the rules. This can be avoided. Security governance is what glues everything together: upper management support, technology, risk management, policies & procedures, awareness, audits, etc. It's not rocket science, and we can help you set it up, addressing your specific needs, using a standard framework such as ISO2700x #commonsense
Over the years, we've built significant expertise in the development of certain key processes, including:
- change management (what are you going to do to make sure that a change to your systems doesn't halt your business)
- incident management (what are you going to do if something happens)
- vulnerability management (how are you going to protect your systems, and detect & mitigate vulnerabilities)
- business continuity (what if something really bad happens, how can you prevent going out of business)
We fully understand, no problem at all. Our "CISO/CSO as a service" program means that we can provide the expertise (on a temporary/part-time basis) to help you develop a program, to set up policies & procedures, and so on. We'll gladly assist your staff (internal or external) with the actual implementation. We'll define the roadmap and pace together. If you already have dedicated staff, of course we're happy to work with them too.
We look forward to working with you to design a risk management approach that addresses your specific needs, context, risk exposure and maturity level. It doesn't matter if you're small or large, we'll adapt and we'll go as fast or as slow as you'd like. Even if you already have a partner that handles your IT & Security services, it would still be valuable to bring in someone else, to get an objective view on things, and to double-check if - in reality - everything is as good as you think it is. Or perhaps you just want to adopt the best practice of rotating between companies to perform penetration tests & audits. Of course we're happy to be part of the rotation model as well. In any case, we're ready to help reduce your CyberSecurity risk exposure, allowing you to focus on your core business, enabling you to increase business risk in other areas of the company as needed to outsmart your competitors, to move faster than they can. That, too, is just common sense. #pragmatic #commonsense
Together, we'll identify your specific risks and we'll devise a plan to mitigate them, with the use of technology, processes, and so on. Of course we're happy to include systems running in the cloud as well.
We'll assess if your protection & mitigation controls are adequate, through vulnerability assessments, ethical hacking "penetration tests", or manual control reviews. We also have experience with GDPR, and can proactively check if your systems are properly protected. Better safe than sorry.
We're more than happy to take an objective look at the maturity of your overall Governance (policies, processes, etc), and suggest improvements where applicable.
If you do business in Europe, you should be familiar with GDPR already. The General Data Protection Regulation requires you to implement a set of processes & controls related to the handling and processing of personal data. As is the case with many laws & regulations, it can be somewhat challenging to understand and to implement GDPR in the right way. Of course it makes sense to get assistance from a subject matter expert, someone who understands the legal background and implications. Quite regularly, we see that companies tend to 'outsource' the process to a legal counsel (who is in a good position to help with the legal side), and/or to an expert on implementing GDPR-specific processes and/or to their already existing IT supplier. At some point in the process, they decide to purchase some kind of application to assist with the administrative work. And they believe that's where the story ends. Unfortunately, all too often, the preventative IT controls & protection mechanisms that are needed to protect personal data, that are needed to prevent data breaches & data loss, are neglected and not checked on a regular basis. In reality, a lot of people don't really know for sure if they are doing things in the right way or not. If something goes wrong (and especially if you were not following the rules, such as implementing "preventative measures"), the penalties can be quite severe.
Don't worry - we can help! We'll perform a review of your IT controls & protection mechanisms, verifying if they are adequate and if they will help you prevent breaches or data loss. Based on the audit, we'll indicate what you can do to improve. We can perform a basic review, and we can run a full audit as well. That's entirely up to you!
Click here to open the PDF brochure (Dutch) to get more details & pricing information.
Over the past 20 years, we've built significant expertise in developing & implementing numerous essential operational processes that will help you protect & secure your business. In addition to the 4 examples listed below, we can also help with other processes, including problem management, preventative IT system maintenance program, etc.
IT Change management allows you to control IT changes, so that a change to your systems doesn't stop your business.
Incident Management defines the process related to the handling and escalation of incidents.
Vulnerability Management defines the process around vulnerability detection, vulnerability scanning and remediation.
We can help you create a business continuity plan, allowing you to survive small & large disasters that would otherwise cause significant damage to your business.
One of our key strengths is our unique ability to combine 20 years of real-life hands-on experience with ICT Infrastructure and Security, in a private production company. We know how to get things done in a pragmatic and secure way.
We can help you to review your existing network & systems topology, looking for strengths and weaknesses. We can help you create a roadmap for technological improvements. Or give you a second opinion about an existing design. Of course, security is always on our mind. #commonsense
We can help you secure your networks and assist you with the implementation of security components (firewall, internet access filtering, remote access, endpoint protection, etc).
Monitoring is one of the most important aspects of your ICT Infrastructure. We can help you with various layers of monitoring (Network & System monitoring, AD, SIEM, Intrusion Detection, User behavior analysis, etc).
We take a methodological approach to managing and assessing risk, allowing you to secure your industrial environment and related systems in a systematic way, while enabling your business to use new forms of automation and technological advancements.
Together with our partners, we've built substantial expertise in securing Industrial networks.
Check out our training schedules at https://www.corelan-training.com/index.php/training-schedules and sign up for one of our classes!