In an evolving regulatory landscape, organizations are called upon to comply with the various requirements while adapting security requirements to the business processes in distributed organizations as reflected in the different mandatory regulations and standards. Triad Security works to spearhead the adoption of organizational processes and creation of an organization and information and cyber security methods. This extends to positioning the level of security, managing risk processes and the closure of gaps relative to the regulations and standards to which the organization is committed, while continually taking into consideration the business requirements of each individual organization.
Information security set-up
ISO 27001 Standard
Setting up an information security management system (altering organizational processes to comply with the controls required by the standard) – the risk management and regulations team at Triad Security will assist in leading a process of risk analysis and management in accordance with the standard and against business requirements until full compliance and certification are achieved for the organization according to the ISO 27001 standard. The company’s consultants have extensive experience in carrying out such projects both locally and globally (for distributed organizations spread over different sites around the world). Triad Security offers its customers assistance ranging from the project’s initial stages through to setting up the complete, controlled Information Security Management System (ISMS) while requiring minimal resource investment on the part of the organization throughout the course of the activity.
ISO 27032 Standard
Defense against cyber-attacks – dependence on the Internet continues to grow, and with it the cyber threats to organizational information and environments. Over the years, cyberspace has become a primary concern for organizations. The ISO 27032 standard, which deals with technological and process controls for protecting cyberspace, will help the organization prepare for and deal with emerging scenarios and threats both at the process level and at the technology level. It will create a defense model on which one can rely both in routine operation and during cyber incidents.
Triad Security offers its customers a support process which will allow the organization to comply with the standard through ongoing assistance to the organization in improving preparedness processes, processes of detecting, monitoring, and responding to cyber-attacks of various kinds, for example – social engineering, attempts to break into organizational resources, malware, APTs, spyware, etc. Triad Security will also assist in defining intelligence gathering and information sharing processes with organizations of a similar business profile, enabling a quality process of learning from events occurring at other organizations and adoption of controls and procedures derived from the security implications prior to the materialization of such an event.
Cloud environment security
ISO 27018 Standard – Information Technology – Security Techniques – Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds Acting As PII Processors
Triad Security will assist the organization in adopting and implementing cloud environment security controls in order to comply with the privacy requirements prevailing worldwide and to safeguard
ISO 27017 Standard – Cloud Environment Security
Triad Security offers the organization a support process which will enable compliance with the standard through ongoing support in order to implement cloud environment security controls for complying with the requirements arising from the standard.
Privacy Protection Regulations
Triad Security’s consultants are experienced in assisting organizations from various sectors and of different kinds in gaining full compliance with the requirements of the privacy protection regulations according to Israeli law, as published in May 2018. The company offers:
- Process and technological gap analysis surveys to expose gaps, insofar as they exist, between the current state and the state required according to the Israel Privacy Protection Authority and building appropriate work plans.
- Assisting the organization in achieving full compliance with the privacy requirements, and managing the process relative to all relevant entities within the organization and outside it. For example, the Chief Information and Cyber Security Officer, the legal department, management, external vendors etc.
Supply Chain Security Management
The organizational supply chain nowadays is designated as one of the potential points of failure in terms of maturity and level of protection of the organizational assets.
In evaluating the security of the supply chain, Triad Security’s consultants will assist the organization from the process of mapping and locating supply chain vulnerabilities through to ongoing assistance in their eradication relative to the external vendors themselves. As part of the supply chain security, we will focus on several relevant issues:
- Vendor mapping and definition of classifications
- Spot and ongoing auditing of vendors
- Reviews and risk management for external vendors
- Examination of the engagement models with the vendors, including audits at the process and technology levels
The work will be done with all the relevant entities including procurement, legal, the external vendors themselves etc.
Procedural Cyber Reviews
Triad Security offers its customers end-to-end process reviews in accordance with the commonly-accepted requirements and regulatory requirements for cyber threats. This is done in accordance with the requirements of the Unit for Government Cyber Defense (YAHAV), the Israel National Cyber Directorate, the National Institute of Standards and Technology (NIST), and the Supervisor of the Banks and Insurance.