Listed in Computable's 22 security companies to watch
SEVOCOMM is listed at number 15 in the Computable list of 22 security companies to watch.
SEVOCOMM's expertise lies in implementing, and internally auditing against, NIST, ISO 27001 and ISO 22301. The benefit of this combination, even though NIST is an American institution, lies in a well-organised, systematic approach that can also be used outside the US.
An adaptable framework such as the CSF makes it easy to incorporate existing frameworks such as ISO 27001 and ISO 22301 into a new cybersecurity framework, and SEVOCOMM can assist you here.
NIST is a sciences laboratory and a non-regulatory agency of the United States Department of Commerce. Its CSF (Cybersecurity Framework) offers a risk-based approach to managing cybersecurity risk and is designed to complement existing business and cybersecurity operations. Although primarily aimed at critical infrastructure organisations, the CSF can be implemented by any organisation in any part of the world.
There are three components to the framework: the core, implementation tiers, and profiles.
- The Core guides organisations in managing and reducing their cybersecurity risks in a way that complements an organisation’s existing cybersecurity and risk management processes.
- The Framework Implementation Tiers assist organisations by providing context on how an organisation views cybersecurity risk management.
- Profiles are primarily used to identify and prioritise opportunities for improving cybersecurity at an organisation.
ISO 27001 is the international standard that describes best practice for an ISMS (information security management system). A best-practice ISMS generally focuses on protecting the organisation’s information assets, and as such aligns primarily with the ‘identify’, ‘protect’ and ‘detect’ functions of the CSF, while also applying processes relevant to the ‘respond’ function.
Effective cybersecurity, and therefore an effective ISMS, is founded on three ‘pillars’: people, processes, and technology. Ultimately, while having the right technology in place is critical to security, that technology has to be managed and maintained by people, who need to follow defined processes. This is part of the systematization of information security: ensuring full coverage at any point that information could be compromised.
ISO 27001 also has a number of principles that align with the CSF’s suggestions. These include:
- Risk management
- Top management oversight
- Continual improvement
ISO 22301 provides specifications for a best-practice BCMS (business continuity management system). A BCMS is designed to help your organisation survive any disruption and return as quickly as possible to the status quo after such an event – in other words, it is designed to make your organisation as resilient as possible. As such, an ISO 22301-conformant BCMS aligns primarily with the ‘respond’ and ‘recover’ functions of the CSF.
A BCMS aligned with ISO 22301 reflects a set of core practices. They include:
- Management support
- BIA (business impact analysis)
- Risk management
- Business continuity planning
IT Governance Publishing believes that implementing existing security frameworks, such as an ISO 27001 ISMS and an ISO 22301 BCMS, is the best approach to cybersecurity and resilience, and maximises your ability to survive an attack. The CSF can also be paired with COBIT® 5, ANSI/ISA 62443 and NIST SP 800-53, although SEVOCOMM supports only ISO, NATO and NIST standards within the European Union.
The standards that we at SEVOCOMM implement and audit provide good guidance and have the advantage of already offering broad coverage of the functions outlined by the NIST CSF, the ISO 27001 ISMS and the ISO 22301 BCMS.
These standards also share several common processes that can be coordinated or combined to reduce the actual workload, such as training and awareness, document control, internal audits and regular management review. These processes further support the CSF’s aims by promoting good practice that benefits cybersecurity generally.