Information security is a very broad field and it is not easy to know where to start, nor where you are in terms of the level of protection.
This is why Easiance has developed a Security Journey.
For a private or public organisations, small or medium-sized, growing or consolidating, Information Security is an important concern but often considered non-urgent. Typically, information security is still considered less of a priority than the many challenges a leader faces. It’s a shame because the law of small steps also applies to Information security. With small, constant and regular efforts, the level of security can be significantly increased.
It is with this in mind that the Security Journey was created. Within the Security Journey, Easiance has established a series of workshops that allow you to cover all aspects of Information security little by little. For each of these workshops, the Easiance consultant establishes a diagnosis with the client and proposes the actions to be taken in order to remedy the shortcomings identified. The consultant therefore proposes concrete measures to be implemented by the internal or external ICT team. But it doesn’t stop there, the consultant also provides templates for policies, procedures, etc. To ensure that processes are controlled. Remember that most Information security incidents do not have a technical origin but a human origin, whether it is a voluntary or involuntary error. Documentation is essential, on a daily basis, both in terms of guidance and awareness.
Moreover, in order to materialise the efforts and the progression of maturity in Information security, Easiance has created milestones represented by successive “Shields”. At each important stage of the journey, the organisation acquires shields one after the other. In this way, the level of security progresses in a concrete way, but also visually.
But every organisation is different and has its own ambitions and constraints. This is why Easiance offers to define the Security Journey of each organisation in a personalised way. First of all, there is the definition of the ambition or destination. This can be to put in place only the basic hygiene elements of Information Security or to obtain an official label such as the CyFun Basic label, or even the CyFun Important label offered by the Center for Cybersecurity Belgium (CCB) or, finally, an ISO 27001 certification. After determining the destination, it is necessary to determine the route. For example, growing in terms of information security maturity by starting with a Basic CyFun label, then a CyFun Important label and finally claiming an ISO 27001 certification. An alternative is to go directly to a CyFun Important label. Another alternative route is to go directly for ISO 27001 certification. At this stage, we have defined the destination and the route, but we still have to take into consideration the time available, per week or month, within the organisation and the available budget. With all these elements, it is possible to determine a precise roadmap and budget.
The Security Journey allows you to move step by step towards more Information Security in a simple but decisive way. In addition, the work carried out is concretised by the obtaining of successive shields and official labels such as the CyFun “basic” or “important” defined by the Center for Cyber Security Belgium (CCB), or even an ISO 27001 certification.