Consultancy

Specialized services aiming to help clients develop a plan to overcome security issues detected within a security audit. Besides supporting to repair and reinforce the actual vulnerabilities detected, Dognædis helps the development of security procedures and policies that aim to be the best fit for the specific organization. It also helps to design security strategies and contingency plans for when incidents occur, as well as raising security awareness and promoting good security practices, seeing this as a mandatory requirement for a long-term sustainable security culture inside organizations. This activity area also encompasses the required expertise to specify, develop and deploy generic information security solutions, ranging from simple configuration of the infrastructure, to from scratch development of customized solutions in a specific context. The main goal is always to implement a holistic and continued Security.



DPOaaS

Designating a Data Protection Officer (DPO) for your company is not an easy task due to the complexity and variety of knowledge required, whether in the procedural, technical or legal areas. From our point of view a DPO shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection, in processes and procedures and in law.

At Dognaedis we believe that finding such an individual person is almost impossible, so on the basis of a service contract we provide our DPO as a Service (DPOaaS) which is composed of a team with all the necessary skills to perform the DPO function. This way you always have the best resources at your disposal, at all times.

Our DPOaaS team shall in the performance of their tasks have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing, and must at least fulfill the following tasks:

 

  1. to inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to this Regulation and to other Union or Member State data protection provisions;

  2. to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations and the related audits;

  3. to provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 35;

  4. to cooperate with the supervisory authority;

GRC consultancy

ISO 27001 Implementation

This service is designed to help any company in their efforts to be ISO 27001 compliant. The ISO/IEC 27000 family of standards helps organizations manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties, while providing the requirements for an information security management system (ISMS).

An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process.

It can help small, medium and large businesses in any sector keep information assets secure. Dognaedis has developed a Program Management platform, Miss Q to help maintenance and management of the certification process. As an option an external audit undertaken by an accredited ISO 27001 compliance company can be provided.

 

Business Continuity Management

Business Continuity Management (BCM) is defined as a holistic management process that identifies potential threats to an organization and the impacts to business operations that might be caused if these threats are realized. It also provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, their reputation, brand and value-creating activities. (Source: ISO 22301:2012).

At Dognaedis we help you build and improve the resilience in your business, creating the plans and strategies that will enable you to continue your business operations and allow you to recover quickly and effectively from any type of disruption whatever its size or cause.

 

Disaster Recovery

As IT systems have become increasingly critical to the operation of a company, it has become of vital importance to ensure the continued operation of those systems and their rapid recovery.

Disaster recovery (DR) involves a set of policies, procedures and tools to enable the recovery or continuation of vital technological infrastructure and systems following a natural or human-induced disaster. Disaster recovery focuses on the IT or technological systems supporting critical business functions, as opposed to business continuity, which involves keeping all essential aspects of a business functioning despite significant disruptive events. Disaster recovery is therefore a subset of business continuity.

 

EU GDPR

Consultancy service designed to help any company in their efforts to be EU General Data Protection Regulation ready. This regulation protects fundamental rights and freedoms of European Citizens and in particular their right to personal data protection. It is divided into 3 phases that can be bought separately or as a package.

Phase1: It begins with a Readiness Assessment on the client processes, IT and security procedures. With those results a gap analysis focused on regulation is made. It allows you to know how far you are from full compliance and which path you need to follow to achieve compliance as efficiently as possible.
Phase2: is subdivided into 2 parts, Design & Planning and Implementation. This phase is where the new processes are created, the PIA's are developed, the DPO is chosen and evolved and tested to confirm compliance is achieved.
Phase3: The use of the MissQ Program Management platform, to maintain compliance. It may include the DPOaaS as well.
Dognædis GDPR consultancy has two complementary elements, the organizational where we help your organization to be GDPR ready, and the product where we help your products to become and maintain GDPR readiness.

 

GDPR

SOFTWARE SECURITY CONSULTANCY

Software Security Development LifeCycle Consultancy

Specification and customization of Security Development LifeCycle to software development, in a technology and software agnostic manner. Applicable to any software development methodology, assuring the least possible impact on daily operations. Embraces various components, from the procedural to the toolset.

 

Software Security Architecture Consultancy

Auditing of existent or designing a new security architecture of software applications in order to ensure the correct implementation of security attributes with a focus on confidentiality, integrity and availability. Supported to design and implement a secure software offering accurate specifications.

 

Customized Training

Professional training on information security with customized contents to meet specific client needs. Customized and tailored training in the various fields of InfoSec. Some examples of topics are:

  • Security Awareness
  • Cyber Security for Board members
  • Vulnerability management
  • Basic forensic procedures and processes
  • Physical and Digital Security synergies
  • Risk analysis
  • GDPR
  • Software Security
  • SECops
  • Incident Management

The scope can be undertaken in line with real customer needs.

 

Forensic Analysis

Involves the detailed postmortem analysis of security incidents as well as a damage report and lost or damaged data recovery. This service examines digital media in a forensic manner with the aim of identifying, preserving, recovering, analysing and presenting facts and opinions about the digital information, including deep analysis and surveys that assure a complete knowledge of what happened during the incident, namely its cause, impact and scope. It can follow legal procedures or be built targeting legal actions.

Social Media