On demand Security Officer

Read more
Background

Would you like to hire a security officer?

A security officer can help you formulate and implement your information security policy, perform risk analyzes, and design, implement and check authorizations. Enshore Security's security officers have up-to-date knowledge and extensive experience. You only pay for the capacity you use.

€1000,-

a month

Why a security officer?

The protection of your crown jewels, such as blueprints, (customer) data, your business operations and guaranteeing continuity through IT Security, has become a critical priority for every company. Complex infrastructures and technologies, emerging threats, and tight regulatory compliance require expertise and experience. This is the job of a Security Officer. Also referred to as Information Security Officer or Chief Information Security Officer (CISO).

What does a security officer do?

The main focusarea's of a security officer are:

  • Formulating and implementing information security policy
  • Performing risk analyzes, Business Impact Analyzes and Privacy Impact Analyzes
  • Designing, implementing and checking authorizations;
  • Normenkader zoals de ISO 27001 of BIO beheren en onderhouden;
  • Performing supplier selections and risk management
  • Organizing and safeguarding business continuity, such as implementing contingency plans
  • Managing incidents and following up on them
  • Improve information security processes
  • Presenting and raising awareness
  • Conduct internal audits
  • Providing insights into the IT landscape and giving direction to configuration management
  • Ensuring the privacy processes, such as data breach reporting obligation, and maintaining the processing register.

Is a security officer mandatory?

Om een ISO 27001 of NEN 7510 certificaat te verkrijgen, dient u over een security officer te beschikken. Bij organisaties die gecertificeerd zijn voor de NEN 7510:2017 is het verplicht om het als volwaardige functie bij één persoon neer te leggen.

When to hire a security officer

For many organizations, the role of a Security Officer is not a full-time position. The organization can choose to assign it as a task to an employee. However, securing sufficient and up-to-date knowledge is a challenge. In that case, many organizations choose to hire a Security Officer.

The security officers of Enshore Security work together with other Enshore Security departments. This includes auditing or pentesting. This gives next to the knowledge and expertise of a security officer, also the knowledge of the network that he / she brings along.

Benefits:

  • You have a Security Officer while you only pay for the capacity you use.
  • This gives you current knowledge, experience and smart professionals at your fingertips.
  • You give concrete form to your legal obligations in the field of privacy and security.
  • Your organization is fully aware of the risks.
  • Control measures have been implemented in a risk-oriented way.
  • Your security administrations and registrations are updated.

Referenties

1.

We have conducted a multitude of audits at a large municipality, varying from DigiD, Ensia, data quality of key registers and audits for the annual accounts. Additionally, migrations were assessed as a result of a reclassification. The audits have resulted in reports of findings and recommendations.

2.

A COBIT framework of standards has been implemented at a large financial institution for the supervisory authority De Nederlandsche Bank. All controls should be implemented to at least a maturity level of 3 (and some at 4). The implementation was a program with projects and sub-projects. The subjects of supplier management, software development, Identity & Access Management and change management had the primary focus. This was also aligned with the in-house supplier of ICT services. At the end of the program, there was reported as scheduled to DNB that the organization was operating at the agreed maturity level. This has been established on the basis of internal audits.

2.

3.

A program has been started at a large health insurer to comply with (renewed) supervision by De Nederlandsche Bank. The program was implemented to improve the following topics: Identity & Access Management, Business Continuity Management, Change Management, Policy and Behavior, Information Classification and External Interfaces (including the Vecozo links). De Nederlansche Bank has been reported that the desired maturity level is operational as planned.