Business Protection Consulting Plus

Information Security Governance Services

Information is nowadays one of the most critical assets for a large number of organizations. It is spread throughout the company, and its protection needs to be addressed at the highest levels of decision-making. This is where BPC Plus’ Information Security Governance Services come into play. Comprised of highly skilled and experienced security professionals from across the globe, our consulting team can help you to appropriately develop and implement the requirements to achieve best in breed information security governance for your business. Our services are tailor-made, client-oriented and built-up based on international best practices and regional needs.

BPC Plus’ Information Security Governance Services include:

Engaging key stakeholders to develop corporate information security strategy, encompassing business needs, risks, and compliance requirements;
Developing information security program, and the practices to identify risks, threats and vulnerabilities, properly protect assets, and detect, respond and recover from incidents or emergencies;
Outlining information security governance structures, roles and responsibilities, and accompanying their implementation;
Performing information security program maturity assessments;
Defining target maturity profile;
Developing and supporting the implementation of an Information Security Management System (ISMS).

Cyber Security Risk & Compliance Services

BPC Plus’ Cyber Security Risk Services provide corporate executives with a comprehensive view of the cyber security risk profile of their organizations. Our practical approach supports our clients in evaluating the exposure of their information assets and critical infrastructure to cyber threats, and to protect those accordingly.

Additionally, BPC Plus’ Compliance Services support organizations to achieve compliance with applicable laws and regulations.

BPC Plus’ Cyber Security Risk & Compliance Services include:

Developing comprehensive cyber security risk and compliance management frameworks based on international standards;
Conducting cyber security risk and readiness assessments in corporate and industrial environments;
Executing compliance assessments and gap analyses against different frameworks (e.g., ISO 27001, NIA Policy);
Supporting organizations as they undergo external audits;
Performing technical vulnerability assessments and penetration testing on application systems and supporting infrastructure, including ICS;
Defining risk treatments to adequately address the identified risks;
Supporting the implementation of cyber security controls to treat the risks and to achieve compliance;
Providing assurance of the effectiveness of implemented cyber security controls.

Cyber Security Training & Awareness Services

Cyber security is a combination of people, process and technology that support business operations. Most organization’s cyber security programs focus on technology and processes only. This situation leaves aside a key barrier of protection against, and response to cyber security incidents: the people. By doing so, the security posture of the organization is undermined, while people remain the weakest link in the cyber security chain.

At BPC Plus, we strongly believe that the key success factor for any organization’s cyber security program is to empower people as leading actors. Our awareness and training services are tailored to support your organization in driving cyber security through a structured and lasting behavioral change, making “security everyone’s responsibility”, and not only “IT’s business”.

BPC Plus’ Cyber Security Training & Awareness Services include:

Developing a cyber security training and awareness program;
Producing customized cyber security training and awareness content;
Delivering cyber security training and awareness sessions;
Conducting cyber security drills to evaluate and improve personnel readiness towards detecting, responding to and recovering from cyber security incidents;
Measuring cyber security awareness impact/effectiveness.