Information security policies are rules that form the basis of internal control and is important to be established considering comprehensiveness and effectiveness.
NRI Secure supports the establishment of an information security policy that suites the client’s situation, considering but not limited to: business content, information assets, systemization, and personnel organization.
NRI Secure has been supporting various companies regardless of size or industry. Knowledge accumulated from many years of service helps present the security level that the organization should seek based on data from other companies and experience.
NRI Secure will define the assets to be protected after fully understanding the business content of customer’s organization, what kind of information assets the organization owns, and establish information security policies according to the organization’s policy and security level.
Confirmation of Operation Flow and Information Assets
Confirm the business/operation flow
Clarify the information assets to be protected
Clarify the scope of policy establishment
Confirmation of Compliance Target
List the official frameworks and guidelines (e.g. ISO/IEC 27001, industry regulations)
Set the framework or guideline to be used for gap analysis
Analysis of Threats and Vulnerabilities
Understand current security controls in place
Analyze potential risks
Clarify threats and vulnerabilities
Information Security System Establishment
Organize framework of applying controls in information security
Information Security Policy Establishment
Discuss the security level that customer must meet
Establish and effective security policy
If you have any questions, please don’t hesitate to contact us