Following numerous new regulations (NIS2), a Belgian governmental organisation decided to evaluate its cybersecurity maturity level. With the help of our team, it was able to carry out a comprehensive cybersecurity evaluation based on the ISO27001 standard, developed a roadmap towards ISO27001 certification, and initiated the drafting of essential policies and procedures.
This organisation plays a crucial role in the economic development of Wallonia in Belgium. In a world where information security is paramount, this entity recognised the need to strengthen its cybersecurity capabilities to better protect its data and that of its partners.
The Challenge Faced
Faced with increasing data security requirements, the existing IT teams needed to evaluate and improve their cybersecurity practices to measure their maturity level against the ISO27001 standard. Having no staff member dedicated to IT security, they called upon Ataya & Partners to temporarily assume this role.
Why Ataya & Partners?
- Cybersecurity Expertise: Following an awareness session for IT directors, the organisation called upon our services to assess its maturity level.
- ISO27001 Expertise: Our ability to conduct detailed assessments and create roadmaps for obtaining ISO27001 certification.
- Policy and Procedure Drafting: Our skill in writing regulatory documents aligned with international standards.
- Holistic Approach: Our CISO as a Service provides not just one person but a multi-disciplinary team capable of responding to any incident.
How We Responded
Our initial step was conducting a comprehensive gap analysis, a process designed to assess the organisation's current compliance level with the ISO27001 standard. This in-depth analysis allowed us to identify specific areas where the organisation met the standard's requirements and, more importantly, areas where improvements were needed. The findings from this gap analysis were instrumental in developing a strategic, multi-year roadmap. This detailed plan was not just a timeline; it was a step-by-step guide that outlined key milestones and actionable steps towards achieving ISO27001 certification.
In parallel with the roadmap development, we focused on drafting tailored policies and procedures. Our approach was customised to align with the specific operational and security context of the organisation. These policies and procedures were not only aimed at meeting the ISO27001 standards but also at embedding a culture of continuous improvement and best practices in cybersecurity within the organisation.
Finally, to validate the effectiveness of the implemented policies and the robustness of the IT systems, we conducted a series of pentests (penetration tests). These tests, carried out by our team of cybersecurity experts, were designed to simulate real-world cyber attacks (OSINT, black-box testing, Wi-Fi pentest, etc.). The objective was to identify vulnerabilities and weaknesses in the systems before they could be exploited by malicious actors. The pentests provided valuable insights into the practical aspects of the organisation's cybersecurity defences and played a pivotal role in reinforcing the overall security posture. Our team identified several major vulnerabilities. We provided comprehensive support to our client to ensure these vulnerabilities were effectively resolved, preventing exploitation by malicious individuals.
- Improved Compliance: The organisation is now on the path to ISO27001 certification with a clear strategy and strengthened practices.
- Strengthened Security: The pentests revealed and helped rectify vulnerabilities, enhancing our client's resilience.
- Strategic Support: Our CISO as a Service provided valuable expertise in the implementation of policies and procedures.