Please Wait

Cyber Security

Governance & Consulting

Cybersecurity Consulting services facilitate organizations into developing and adopting a Cybersecurity Governance model which is aligned with global best practices, laws, regulations as well as obligations which derive from contractual provisions and/or other industry specific standards. This is performed not only through drafting cybersecurity policies & procedures but also through continuous support and consultation to assist enterprises into enforcing appropriate level of cybersecurity into everyday work and operational processes. Governance model covers required cybersecurity measures to be applied to operational working practices along with processes to achieve continuous monitoring, evaluation and enhancement.

For standards, regulations & guidelines relating to cybersecurity, ADACOM assists organizations in the design and implementation of effective enforcement by providing on-demand expertise.

Our objective is to support current and future business needs, as well as to support enterprise resilience and provide an effective way for organizations to protect their information in an extremely dynamic and risky environment.

Compliance Management

ADACOM Consulting team assists organizations to design and implement of effective enforcement and be compliant to standards, regulations and/or guidelines related to cybersecurity.

Compliance with Standards

ISO Standards:

ISO27001:2013 & ISO27001:2022: cybersecurity, cybersecurity and privacy protection — Cybersecurity management systems — Requirements
ISO 22301:2019: Security and resilience — Business continuity management systems — Requirements
ISO 37001:2016: Anti-bribery management systems — Requirements with guidance for use
ISO/IEC 27701:2019: Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines

PCI DSS Standard:

It is a set of technical and operational requirements for safeguarding cardholder information. PCI DSS aims to ensure that entities accepting, storing, processing, or transmitting card information maintain a secure environment
The PCI DSS is administered and managed by the PCI Security Standards Council, an independent body founded in 2006 that was created by the major payment card brands Visa, MasterCard, American Express, Discover and JCB
The Standard applies to all the organizations, that accept, transmit or store cardholder data

TISAX (Trusted Cybersecurity Exchange) Standard: TISAX (Trusted Cybersecurity Assessment Exchange) is a standard developed by the European vehicle manufacturers, suppliers, and organizations, as an assessment and exchange mechanism for cybersecurity in the automotive industry. It brings standardization, assurance, and mutual recognition of cybersecurity audits compliant with ISO 27001 standards.

SWIFT Attestation (Society for Worldwide Interbank Financial Telecommunication): The CSF, updated by SWIFT in 2019, includes a mandatory attestation process whereby SWIFT users are required to submit a -attestation against the mandatory security controls using the Registry self Security Attestation Application KYC online portal developed by SWIFT for this purpose.

Compliance with Regulations

ADACOM with extensive experience on regulatory and legal frameworks relating to cybersecurity may guide Organizations to effective enforcement of respective provisions. Regulations’ compliance supported by ADACOM:

GDPR – General Data Protection Regulation: EU Regulation relating to privacy and protection of personal data
NIS Directive: The Directive on Security of Network and Information System aims to widely establish shared NIS security standards and practices across the EU
eIDAS: eIDAS (electronic IDentification, Authentication and Trust Services) is an EU regulation on electronic identification and trust services for electronic transactions in the European Single Market

Compliance with Guidelines

IMO Guidelines

ADACOM assists Maritime sector to deploy an effective Risk Management Process for vessels and HQ. Taking into consideration risks identified and existing controls, ADACOM assists the Company to address and mitigate current risks prioritizing remediation controls in order to implement the required level of Information & Cyber Security
To achieve that, ADACOM uses a holistic approach enforcing technical and organizational measures and activates effective monitoring mechanisms to promptly alert the organization on violations and discrepancies which need to be promptly addressed

EIOPA Guidelines:

The European Insurance and Occupational Pensions Authority (EIOPA) identified the need to develop specific guidance on information and communication technology (ICT) security and governance to enable insurance sector organizations achieve the following objectives:

provide clarification and transparency to market participants on the minimum expected information and cyber security capabilities, i.e. security baseline
avoid potential regulatory arbitrage
foster supervisory convergence regarding the expectations and processes applicable in relation to ICT security and governance as a key to proper ICT and security risk management

The guidelines apply to both individual insurance/ reinsurance undertakings and “mutatis mutandis” at the level of the group (Article 212 paragraph 1 of the Solvency II Directive 2009/138/EC).

The orders that relate to the adoption and implementation of the EIOPA Guidelines shall apply from 1 July 2021.

Roles as a Service

ADACOM’s Roles as a Service, help organizations ensure the security of business-sensitive applications and information technology (IT) infrastructure.The services are provided by highly qualified industry experts and security professionals who help your organizations strengthen the cyber security strategies.

ADACOM Cybersecurity Consulting team can support specific roles for an organization to fully address tasks and activities required on a daily basis.

Information Security Officer (vISO) as a Service

Use the knowledge of a consultant, to manage your business’ security program

As a pure Cybersecurity Services Provider, we can provide the option of becoming an organization’s ‘Virtual’ Information Security Officer or ISO as a Service. The service is about to use the knowledge and experience of someone to manage your business’ security program and in many cases, hiring an external vISO partner is the smartest choice.

Challenges

The ISO role is not an easy one. They must be adoptive of a mindset where they anticipate how, and where, bad things will happen, understand how the technology can be abused by adversaries, while at the same time being able to communicate all of that in terms of risk and potential financial exposure to the Management Team of an organization
Many organizations either cannot afford their own information security department or would instead invest in having a dedicated firm working with them to meet their needs. As the landscape for cyber breaches and malicious actors continues to increase, companies will need experienced professionals to mitigate these risks

Activities of the role

Expertise and support on specific cybersecurity areas and processes such as:

Cybersecurity Governance
Risk Management
Threat Analysis
Business Impact Analysis (BIA)
Internal Audit
Management Review
Awareness
Third Party Management
Incident Response
Business Continuity Management
Compliance

Benefits

With the use of a vISO, a company can pay as a service, and get the expertise of a highly qualified, experienced ISO without the overhead of benefits and total compensation of an employee
The companies that use vISOs, have the benefit of working with and learning from multiple security infrastructures. The big advantage of operating like this, is that you’re getting the greatest value add out of your vISO in the minimum time
Virtual security officers may be the solution for smaller companies that cannot find a qualified ISO within their price range, or for companies that are required to have an ISO but do not wish or cannot afford a full-time specialist

Data Protection Officer (DPO) as a Service

Outsourcing role concerning organization’s compliance with the legislations, cyber security technologies & trends, data protection practices and processing activities

Data Protection Officer (DPO) ensures that your organization complies with the legislation, acts accordingly regarding data protection practices, and has general ownership of data processing activities. For some organizations, it’s mandatory to have a nominated DPO, but it’s almost always recommended.

Activities of the role

DPO is addressing & enforcing data protection processes:

Gap Analysis versus the General Data Protection Regulation (GDPR)
Risk Assessment
Privacy Governance
Privacy by Design
DPIAs (Data Protection Impact Assessments)
Data Breach Management
Subjects’ Rights’ Management
Contracts’ Management
Privacy Awareness

Benefits

By outsourcing the role of the DPO, you can reach the following benefits:

Engage an experienced team of privacy specialists with wide-range expertise in data protection activities in various fields
Flexibly outsource data protection related activities and focus on your core business
Improve the level of GDPR compliance
Mitigate the risk of a conflict of interest of the DPO
Ownership and structure to privacy & data protection activities

Service expansion

DPO as a Service can focus on the tasks described in the GDPR as well as operative data protection activities. The service does not thus have to be limited to mere advisory and compliance monitoring described in the GDPR. DPO outsourced service from Adacom can take care of other privacy and data protection tasks, e.g. privacy auditing, assessments, reviewing and planning.

Digital Resilience Readiness

Services provided to an organization for the ability to adapt, withstand, and recover from service disruptions, attacks, and other digital challenges.

BCMS & DR

The service includes the complete implementation of BCMS covering all aspects of business continuity. Some of the main activities that are carried out are:

Identification of legal and regulatory requirements relating to business continuity
Identification of requirements from stakeholders and business partners relating to business continuity
Business continuity strategy
Business continuity plans, incident handling and communication plan
Development of documentation required for business continuity to ensure recovery
Training and awareness for business continuity
Testing and exercising the business continuity plans
Effectiveness measurements of the business continuity plans
Continual improvement of business continuity

The service is aligned with the requirements of ISO22301 and worldwide accepted best practices, such as BCI (Business Continuity Institute).

Third Party Management

ADACOM supports an Organization into adequately addressing risks relating to third parties and also undertaking activities for secure and efficient third party management. Our methodology to third party management is addressed at all phases of third party cooperation:

Development of Cybersecurity criteria for third party evaluation & selection
Conducting Initial & periodic third party evaluation relating to their criticality
Managing Contracts to address cybersecurity requirements
Exercising the right to audit
Developing and monitoring Action Plan on Third Party Activities to address contractual obligations or audit findings

IT Risk Assessment

Risk Management is the most powerful tool in order to effectively support Organization & Information Resilience. Our holistic approach to information security risk management, utilizes its Information Resilience framework, to support further more Organization & Enterprise Resilience.

This is a more consistent and unified approach to information risk management resulting increased confidence and greater assurance that realized risk will not affect an organization's ability to achieve its business mission.

Our Approach

Our consulting team follows a holistic approach in managing information security risk (based on business impact), which evolves beyond technology-focused risk and includes domains such as governance & compliance, privacy (of personal information), resilience & continuity, management & organization, and information security in physical security (of tangible assets) & interconnected devices.

Which are the Key facts

A tool to prove information security added value related to Corporate business objectives
Define priorities and resource requirements for risk reduction
Define risks & mitigation controls related to critical business resources, processes and objectives
Top-down definition of risk appetite and critical information assets
Map critical assets across systems and business (and third parties)
Engage board and senior executives in order to accurately determine the risk appetite for the organization
Assessment of current cybersecurity maturity vs the maturity level required to meet the risk appetite
Compliance itself it is viewed as a risk that must be managed the same as all other risks to the business

Value we add

Integration of international and local compliance requirements with Governance & Risk Management processes
Establish processes for the Protection of the Critical Information assets when the organization is under stress. We make Organizations ready to respond to any kind of cyber incident that might affect their Resilience
Service delivery is based on our Information Resilience Framework, enforcing Continuous Assurance, Improvement & Response
Maximize the trustworthiness of business information, by elevating the information resilience level based on effectiveness and applied innovation

Threat Assessment

ADACOM provides the Threat Assessment service to identify cyber threats and propose the appropriate organizational and technological protection mechanisms. This service has been designed by our engineers and is based on threat modeling through attack trees. Threat modeling is a process that helps to identify threats, attacks, vulnerabilities, and to list the countermeasures related to systems and data. The related tasks include:

Identification of systems and data
Identification of security objectives
Applying adequate design techniques and principles
Create a threat model
Review the security architecture

As a reminder, security objectives set the framework that a company should follow in order to find the right balance between security and functionality. Security is an attribute that must be balanced with other qualitative and quantitative attributes (e.g. efficiency, compliance with standards, etc.), but also constraints on confidentiality, integrity and availability of data. Thus, defining security objectives therefore helps to determine first what to achieve in terms of security and later how to achieve it.

Accordingly, the use of appropriate security practices helps to reduce the risks associated with strategy design and avoid many of the errors introduced by design choices. Adopting widespread practices can lead to countering attacks by reducing the vulnerabilities that may occur, helping us to focus on those areas where security gaps are most common.

Awareness

The main objective of these services is to raise awareness among the employees of an organization so that they are able to recognize the value of different types of personal data and information and act on time in the interest of protecting that information. In addition, the training is designed to provide interactivity and keep participants engaged throughout the training.

An indicative list of topics covered during the awareness courses are:

For data protection:

Basic concepts of personal data protection
Fundamental principles of data protection
Rights of Subjects in relation to their personal data
The role of the Data Protection Officer
Retention of personal data processing records
Protection and breach of personal data
Obligations to comply with personal data protection
Non-compliance and Fines
Information Security

For information security:

Fundamental principles of information security
Information Security Threats
Proper use of email
Proper use of the internet
Proper use of computers and personal devices such as smartphones, tablets, etc
Physical Protection of devices
Password Security
Information Security during Teleworking
Use of Social Media
Incident Response
Proper use of shared computers, free Wi-Fi and USB charging points

Security Built on Trust

Governance & Consulting

Compliance Management

Roles as a Service

Digital Resilience Readiness

Stay Up To Date