The correct policy in the field of privacy and cyber security is developed together with your organization. The approach consists of the following components:
Advising Management
This concerns advising management on information security policy and the measures to be taken. The starting point for this is the set of focus areas described in the GDPR. Important elements are:
Risk analysis in the field of information security;
Getting a grip on privacy protection as an organization;
The awareness of internal employees with regard to cyber security.
Zero-measurement maturity level and information security
A zero-measurement is performed to gain insight into the current state and the measures taken. In the zero-measurement, the GDPR and the guidelines for the protection of personal data are specifically discussed.
Drawing up an action plan
On the basis of the results of the zero-measurement, an action plan is drawn up to implement the measures to be taken, including in the context of the GDPR and the Data Breach Notification Obligation. The starting point for this is a risk analysis of the missing measures. This risk analysis is carried out together with the employees of your organization who are involved.
Information based on a phishing audit and employee training
Digitale Opsporing provides training for employees concerning the security aspects laid down in the action plan. This also concerns awareness of the dangers of internet crime. Prior to an awareness training, a phishing audit is performed. A phishing audit is a method to measure and directly increase the security awareness of employees.
Knowledge and awareness among employees are an absolute necessity for implementing the policy effectively and for safeguarding it. For this, Digitale Opsporing has developed a Cyber Security Awareness Program.