Security

Background

Welcome to Enshore Security

Nowadays, more and more business processes are being digitized. Digitization provides a multitude of additional options and functionality. At the same time, the risks also frequently increase. With one mouse click hackers are at your digital front door from the other side of the world. Legislative and regulatory obligations are also becoming stricter in order to deal with them better. Recognizing the risks and taking appropriate measures is not an easy task. Sufficient measures are needed to mitigate threats, but the measures must also not hinder day-to-day operations. A risk-oriented approach is essential.

As a senior partner and founder of Enshore Security, it is my personal mission to make and keep organizations safer. Enshore Security focuses on implementing a risk-oriented approach for organizations to keep moving in a more complex environment.

As an IT and ISO auditor I have been able to assess many organizations on their effectiveness in security. I often see too little focus on simplicity, a clear approach and quality.

Based on this vision, we guide and train our security professionals within Enshore Security. We ensure sufficient attention to all aspects of security.

Enshore Security makes this knowledge and experience available through our security officers. With our team we offer a powerful solution for improving the security maturity level of your organization.

Marcel Dusink,
Senior partner Enshore Security

Would you like to hire a security officer?

A security officer can help you formulate and implement your information security policy, perform risk analyses, and design, implement and check authorizations. Enshore Security's security officers have up-to-date knowledge and extensive experience. You only pay for the capacity you use.

€1000,- a month

Why a security officer?

The protection of your crown jewels, such as blueprints, (customer) data and your business operations, and guaranteeing continuity through IT security, has become a critical priority for every company. Complex infrastructures and technologies, emerging threats, and tight regulatory compliance require expertise and experience. This is the job of a Security Officer, also referred to as Information Security Officer or Chief Information Security Officer (CISO).

What does a security officer do?

The main focus areas of a security officer are:

  • Formulating and implementing information security policy
  • Performing risk analyses, Business Impact Analyses and Privacy Impact Analyses
  • Designing, implementing and checking authorizations
  • Managing and maintaining a framework of standards such as ISO27001 or BIO
  • Performing supplier selections and risk management
  • Organizing and safeguarding business continuity, such as implementing contingency plans
  • Managing incidents and following up on them
  • Improving information security processes
  • Presenting and raising awareness
  • Conducting internal audits
  • Providing insights into the IT landscape and giving direction to configuration management
  • Ensuring the privacy processes, such as the data breach reporting obligation, and maintaining the processing register

Is a security officer mandatory?

To obtain an ISO 27001 or NEN 7510 certificate, you must have a security officer. Organizations that are certified for NEN 7510:2017 are obliged to assign the role to one person as a full function.

When to hire a security officer

For many organizations, the role of a Security Officer is not a full-time position. The organization can choose to assign it as a task to an employee. However, securing sufficient and up-to-date knowledge is a challenge. In that case, many organizations choose to hire a Security Officer.

The security officers of Enshore Security work together with other Enshore Security departments, such as auditing or pentesting. In addition to the knowledge and expertise of a security officer, this gives you the knowledge of the network that he or she brings along.

Benefits:

  • You have a Security Officer while you only pay for the capacity you use.
  • This gives you current knowledge, experience and smart professionals at your fingertips.
  • You give concrete form to your legal obligations in the field of privacy and security.
  • Your organization is fully aware of the risks.
  • Control measures have been implemented in a risk-oriented way.
  • Your security administrations and registrations are updated.

References

1.

We have conducted a multitude of audits at a large municipality, varying from DigiD, Ensia, data quality of key registers and audits for the annual accounts. Additionally, migrations were assessed as a result of a reclassification. The audits have resulted in reports of findings and recommendations.

2.

A COBIT framework of standards has been implemented at a large financial institution for the supervisory authority De Nederlandsche Bank (DNB). All controls should be implemented to at least a maturity level of 3 (and some at 4). The implementation was a program with projects and sub-projects. The subjects of supplier management, software development, Identity & Access Management and change management had the primary focus. This was also aligned with the in-house supplier of ICT services. At the end of the program, it was reported to DNB, as scheduled, that the organization was operating at the agreed maturity level. This has been established on the basis of internal audits.

3.

A program has been started at a large health insurer to comply with (renewed) supervision by De Nederlandsche Bank. The program was implemented to improve the following topics: Identity & Access Management, Business Continuity Management, Change Management, Policy and Behavior, Information Classification and External Interfaces (including the Vecozo links). It has been reported to De Nederlandsche Bank that the desired maturity level is operational as planned.

Penetration test

In a world where large-scale cyber attacks are the order of the day, it is essential to test your infrastructure and (web) applications for vulnerabilities. By performing a penetration test (pentest), any gaps in security can be identified and closed.

Legislation and regulations strongly emphasize the importance of regular penetration testing. An annual penetration test is a requirement for almost all information security certifications.

Enshore Security specializes in performing penetration tests. These result in standalone reports that can be used, for example, as underlying reports for audits and assessments. Examples include a penetration test for:

  • ISO27001 / NEN 7510
  • DigiD
  • ENSIA
  • BIO
  • ISAE 3000 / ISAE 3402
  • SOC 1, SOC 2 or SOC 3

For more information, please also visit the site of Penetratietest.io, the part of our Shared Service Center where we go into more depth on the services around penetration testing and certification.