We perform complete Information Security assessments, considering not only IT security but also the logical, physical, infrastructural and organizational aspects of security. We offer risk assessment and management consulting and advising for Information Systems management. StudioAG follows industry best practices and the most accredited industry frameworks: ISO/IEC 27001, OSSTMM, COBIT. All our work takes into account relevant legislation, both national and European (data protection, cybersecurity, data retention, invoicing).
Our approach to Information Security consulting is oriented towards improving our clients’ levels of security; we are completely vendor-neutral and technology-neutral, choosing the best solutions without any commercial interest. In many cases we contribute directly to the development of International Standards and Policies in international organizations like ISO, CEN-CENELEC, ETSI. Internationally recognized best practices and standards are a constant reference.
G.R.C. – Governance, Risk and Compliance
Risk-based approaches are nowadays the main way to manage information security (and security in general). It is unthinkable in the current cybersecurity context to manage security solely by acquiring a number of products or packaged services – security is a continuous process to be managed internally or by a trusted advisor, not a spot job.
StudioAG can offer the private and public sectors sound advice on managing the risk management process in an ongoing and useful way, according to best practices and compliance requirements.
ISO 27001 auditing
The ISO standards are the only worldwide framework for Information Security Management Systems (ISMS). We offer ISO 27001 consulting on ISMS implementation, from the initial survey and gap analysis to the control specifications and implementation. We can also audit existing systems.
Vulnerability assessments (VAs) are technical assessments of the ICT infrastructure, detailing the vulnerabilities present in hardware and software. They can be requested independently or as part of a more general and complete security assessment. Deliverables are technical reports containing all the vulnerabilities found.