Information and Cyber Security Management Services
Service
We help to implement the following technical and organizational measures in order to ensure proper information and cyber security management and personal data protection for organizations that manage information systems, as well as electronic information, including personal data:
- We create information and cyber security policies and (or) procedures
- We perform information security risk assessments
- We assess compliance with requirements of the legal acts of the Republic of Lithuania and international standards (ISO 27001 & ISO 27002)
- We help to manage information security and cyber incidents
- We organize tests / exercises of business continuity management and disaster recovery plans
- We perform vulnerability assessment and penetration testing
- We organize cyber security training and social engineering testing
- We perform ISO 27001 Gap Analysis
- We implement and maintain an ISMS that meets the requirements of ISO 27001
- We help to assess the compliance of ISMS measures with the requirements of ISO 27001
- We help to implement other measures as needed
The National Cyber Security Center report notes that audited entities often have only formal paper-based information and cyber security processes that are not properly organized and managed, and that the staff assigned to these functions do not have the necessary qualifications and experience.
The decisions adopted by the State Data Protection Inspectorates state that some data controllers and data processors do not properly manage personal data in accordance with the requirements of the General Data Protection Regulation (GDPR) and do not have sufficient technical and organizational means.
Lack of sufficient technical and organizational measures may be considered an infringement of the provisions of the GDPR, in which case administrative fines of up to 2 – 4% of the total annual worldwide turnover of the preceding financial year, or up to EUR 10 000 000 to EUR 20 000 000, may be imposed.
Benefits
- Information and cyber security management processes and (or) ISMS are created in accordance with ISO 27001 requirements and integrated into the organization’s operational processes
- Continuous and professional management of the organization’s information and cyber security is ensured, allowing the organization to focus on its core activities
- Information and cyber security risks are regularly assessed and measures implemented to manage them
- Employee qualifications in the field of information and cyber security and resistance to social engineering are raised and maintained
- Business continuity and disaster recovery are ensured
- Activities of responsible personnel and departments are coordinated, and information security and cyber incident management is carried out
- Compliance with the requirements of the legal acts of the Republic of Lithuania, GDPR, ISO 27001 and ISO 27002 is ensured
Customer reviews
- A Compliance Assessment Project Has Been Implemented in the State Tax Inspectorate
- Compliance Assessment Services for Government Information Resources and Communications and Information Systems Managed and Managed
- National Health Insurance Fund User Identity and Rights Management and User Registration and Control System Implementation Project (Agreement)
- Independent ESPBI IS (Electronic Health Services and Collaboration Infrastructure Information System) Security Audit Project of SE Center of Registers
Contact person
Ernestas Lipnickas
Mobile: +370 (605) 44 444
Email: ernestas.lipnickas@adwisery.eu