GDPR and Information Technologies
Network and endpoint solutions might prevent unauthorized access to data that needs to be protected, but there is also a need to monitor system usage and anomalies and to block activities. The first step to data protection is information security, with a focus on a secured network perimeter: network firewall, antivirus and patch management.
Part of prevention is securing internal and external systems, web services and applications; therefore it is necessary to periodically perform penetration testing, including physical security against cyber threats.
A further need is control of information and activities, which is covered by Security Incident and Event Management, Intrusion Detection Systems, vulnerability management, and an often tested and secured Web Application Firewall.
Most companies cannot rely on IT departments to cover these tasks, and those without a separate cyber security department often seek help from third parties to manage their cyber services.
Respond and recover
We conduct tests and simulations of real scenarios to measure the ability of an organization to respond to and recover from cyber threats that might breach GDPR. The tests will show whether it is possible to react in time and prevent those threats, how to mitigate the impact, and how to understand what has been compromised.
The recovery assessment will show how fast it is possible to continue operations without new delay.
User and information focus
Secured user management is covered through the implementation of multi-factor authentication, privileged access management and single sign-on mechanisms.
Information focus covers classification, encryption, and Data Leakage Protection mechanisms.