Information security

One of Seacon Europe’s key areas of operation is information security. We contribute to improving our clients’ IT security through our proprietary applications and the consulting activities of our qualified professionals.

The role of information in the economy is continuously increasing. In many cases, a company’s data assets represent greater value than all of its other assets combined. The loss of such assets or their exposure to unauthorized parties may not only result in direct financial damage, but may also indirectly endanger the company’s reputation and image.

In order to improve security, the first step is to assess the current situation. Seacon Europe provides assistance in this through an information security assessment, within the framework of which we carry out a simplified audit. The purpose of this audit is to map the client’s IT environment — from a security perspective — and to provide proposed solutions for the deficiencies identified.

Our colleagues use the COBIT methodology to examine whether your IT systems truly meet the requirements of your company, accepted best practices, or applicable legal regulations.

  • As a first step, we define the scope of the audit together with the client.
  • After defining the scope, the affected areas are assessed based on the relevant COBIT questionnaire.
  • Following the collection of information, we identify threat factors, threats, and deficiencies in IT operations (that is, vulnerabilities), and evaluate the risks arising from them.
  • During the evaluation, we consider legal requirements, as well as control solutions applied by domestic and international “best practices”, as the basis for the expected level of security.
  • After completing the evaluation, we provide recommendations for establishing an appropriate IT security system and eliminating the identified deficiencies.

Where required due to legal or supplier requirements, or for any other reason, we also undertake the preparation of the organization for ISO 27001 certification.

For Municipalities

If you are a responsible municipal leader, we recommend our municipal information security service.

Act L of 2013 on the electronic information security of state and municipal bodies entered into force on July 1, 2013. The legislation set deadlines for the affected organizations to determine their security classification and level, appoint an information security officer, and prepare an action plan. These deadlines have already expired. Nevertheless, in many municipalities no measures have been taken to ensure legal compliance, primarily due to a lack of resources.

Seacon Europe provides services and solutions on a monthly-fee basis to support compliance with Act L of 2013:

  • With the involvement of our CISA expert, we carry out the security classification.
  • We assess the current level and prepare the action plan required to reach the prescribed level.
  • Within the framework of an agency agreement, we perform the duties of the person responsible for the security of electronic information systems as required by the Information Security Act.
  • We participate in the review and development of the information security policy, strategy, regulations, and procurement and development procedures.
  • To increase security awareness, we participate in the training of the affected parties and in security awareness education.
  • We carry out risk analysis, as well as regular and ad hoc security analyses and evaluations.
  • In the field of logical and physical protection, we develop solutions proportionate to the identified risks, into which we can incorporate our proprietary tools as well as solutions recommended by our partners.

Further information: www.lbtv.hu

If your organization is not affected by the Information Security Act but would like to raise the level of its information security, we recommend using our information security consulting service.

Where required due to legal or supplier requirements, or for any other reason, we also undertake the preparation of the organization for ISO 27001 certification.

For Savings Cooperatives

Due to their function and operational characteristics, Hungarian savings cooperatives are particularly exposed to threats targeting their data assets. IT-related abuses involving savings cooperatives may also result in concrete and immediate financial losses. These organizations are also in a specific position because they are subject to numerous external, legal, and/or industry requirements, compliance with which is monitored by a government body or an industry auditor.

We can assist in protection against these specific threats and in achieving compliance during audits through the following solutions.

1. Review of IT Security Regulations Applicable to the Organizations

We can provide assistance in several areas regarding compliance with the relevant provisions of MNB Recommendations 1/2015 and 2/2015, Government Decree 535/2013 (XII. 30.), and Section 40/C of the Voluntary Mutual Insurance Funds Act. With the involvement of experts, we evaluate the existing regulatory systems within the framework of an internal audit, identify any deficiencies, and propose corrective measures. These activities help increase the chances of successful compliance during external audits.

2. Audit Support

With the help of our innovative authorization discovery and digital forensic analysis solution, an online audit system can be established that is capable of showing the desired cross-section of the examined environment’s compliance at any selected point in time. All of this is provided in the form of predefined reports, meaning that the list of evidence requested by auditors can be generated at the push of a button, even during an inspection.

ISO 27001 Preparation

Information assets represent significant, and often decisive, value in the operation of companies. They require the same level of protection as other assets, or in many cases even stronger protection. The first and most important step of protection is proper regulation and control. The ISO 27000 family of standards describes the management and control of organizations’ operations from an information security perspective. ISO 27001 is a widely accepted and applied international standard for Information Security Management Systems (ISMS). Its implementation provides a foundation for establishing appropriate information security protection. The standard is structured in such a way that it can be easily integrated with other management standards, such as ISO 9001 and ISO 14001, enabling organizations to develop a highly integrated management system.

Benefits of certification:

  • achieving a higher level of security through proper risk management,
  • increased customer confidence and new business opportunities,
  • ensuring business continuity,
  • legal compliance.

Seacon Europe’s specialists and expert partners, holding CISA and ISO 27001 internal auditor qualifications, prepare your organization for the certification audit through consulting services. Through our partner relationships, we are also available to establish complex management systems integrated with other standards, such as ISO 9001 and ISO 14001, and we can recommend an independent, accredited auditing company that can issue the official certification.

If the company already has an Information Security Management System (ISMS) in place, the existing regulations and their implementation must be reviewed. The steps of this process, with regard to compliance with the standard, are as follows:

  • we review the existing documentation,
  • we examine the affected processes and activities,
  • we provide recommendations for correcting deficiencies and non-conformities.

After the accepted recommendations have been implemented, the organization can face the certification audit with greater confidence. This audit may be carried out by an independent, accredited certification body.

Where no information security management system has yet been implemented, the appropriate regulatory processes must first be established, documented, introduced, and taught to employees. The system must then be operated for at least three months, after which the certification audit can be conducted by an accredited company and the certification can be obtained. The steps of this process are as follows:

  • Assessment of the current situation, including processes and existing documentation.
  • Based on the assessment, recommendations for optimizing and preparing the affected processes, activities, and documentation.
  • Correction of documents and preparation of missing documents. Typically, the following documents are required:
    - security policy
    - risk management and analysis
    - statement of applicability
    - asset inventory, reviewed according to the standard
    - IT security policy
    - physical security plan / instruction
    - disaster recovery plan
    - business continuity plan
    - ISMS manual
    - HR procedures and policies
  • Implementation of ISO 27001. Preparing the organization for the use and operation of the standard through training.
  • Pre-audit, followed by corrective actions and corrections if necessary based on the results.
  • After three months of verifiable operation, the certification audit may take place.
  • The implemented management system must be operated continuously and audited periodically.

If you do not require ISO 27001 certification but would like to raise your company’s information security status to a higher level, we recommend using our information security consulting service.

If you are a responsible municipal leader, we recommend our municipal information security service.

IT Security Qualifications

  • CISA – Certified Information Systems Auditor
  • ISO 27001 Internal Auditor