GRC – Governance, risk management and compliance

Become compliant with your business – we create a connection between GRC and your business goals.

We think ahead – constantly

You never know who the next target of cybercrime will be. But one thing is sure – we want to do our part to make sure it is not you.
We are constantly thinking ahead. Only in that way does your company get the right protection.

How long do you dare to wait?

We are ready to help you. At ICY Security, we have a range of IT security specialists who are ready to support you in getting the GRC that is right for you. We have tremendous specialist knowledge and a wide array of methods and competencies.

It is important that there is a connection between cybersecurity and your daily operations.

Call us today to learn how we can help you.

Companies’ current challenges

Our experience shows that all companies today face the following challenges:

  • Identification of the right level of IT security
  • Acting on changes in the existing risks as a result of new business models
  • Increased and complex threats from the world of cybercriminals

In addition, companies must now observe ever more legislation such as the EU’s General Data Protection Regulation (GDPR). Some utility companies (electricity and gas) must comply with Danish statutory order 515 on IT contingency requirements.

What is your basis for considering Security Compliance?
Phase 1

Pre-analysis

You get a critical overview of your current and future business and risk picture

Phase 2

Target/threat assessment

What is the right goal for you? You get expert recommendations on the threats and you get your strategies linked to a suitable risk appetite, so that you aim for neither too much nor too little security to satisfy your strategic objectives.

Contact us and establish your security objectives

Phase 3

Assessment/As-Is analysis

Get a thorough assessment of your security controls, system architecture, processes and security organisation.

Our evaluation depends on specific elements, such as:

  • Protection of critical data and systems
  • Security surrounding remote access
  • IT security management
  • Employees’ security awareness
  • Suppliers’ security initiatives

Phase 4

GAP

How far is the company from its target?

Get a solid assessment based on the results of phases 1, 2 and 3. Through our international cooperation, we are also able to compare you to other companies, including companies from the same industry. This way we can compare your expected security level with comparable companies.

Phase 5

Roadmap

Get a roadmap of your journey

Based on analysis, risk assessment, GAP and target, we put together a plan for how to deal with the identified risks and threats.
A roadmap can contain the following:

  • Action plan for initiatives that will close the identified GAPS
  • General description of the primary initiatives
  • Prioritised initiatives
  • Launch of implementation of security initiatives

ICY Security Services

ICY Security provides full-coverage GRC.
We create the right solution for you on the basis of our experience in identifying threats and risks within information security.

You get a tailored method based on analysis and risk assessment. ICY Security makes sure you get the right level of security within an effective financial framework and time line.

The method is aimed at protecting business-critical data and systems and the business’s operating activities.

Learn more about our GRC methods

ICY Security’s method is well-tested and is used for all information-related work. This could be, for instance, a GDPR compliance project, the establishment of an IT contingency plan or of a management framework for your business’s work on information security and cyber.

The tools used in the different phases are naturally different from project to project.
For example, we apply best practice from:

  • IAPP for resolving GDPR projects
  • ISO27001/27002 when establishing management frameworks in information security
  • SANS Critical Security Controls when implementing or measuring the effect of technical IT security controls
  • ITIL framework tied with ISO27001 when creating effective processes for information security
  • OWASP when security in the IT development process needs improvement.

We are ready to help

In order to deliver solid and sure solutions to our customers, we have strengthened our specialist knowledge in IT security, with focus on business value.

Our consultants are all experienced with certifications in, e.g.:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Privacy Manager (CIPM / IAPP)
  • Certified Information Security Manager (CISM)
  • Certified Chief Information Security Officer (CCISO)
  • Certified Information Systems Auditor (CISA)

Our consultants are also trained as ethical hackers (EC Council Certified Ethical Hacker), so we are able to conduct vulnerability tests, classic penetration tests or blue team/red team tests.

Cross the finish line with EU GDPR

How does the new EU regulation affect your business? Can you, e.g., document how you store data – and what you use it for?
In May 2018, the EU implemented stricter rules for what is considered personal data and the requirements regarding how your company processes that data.
You get consulting and solutions for implementing the new requirements – for instance process documentation, project management, security governance and support for implementing either all or some technical controls, so that the security of your personal data processing improves.
We are ready to help you.


EU General Data Protection Regulation

The EU’s General Data Protection Regulation, GDPR, requires all public bodies and private companies to put sufficient technical and organisational security controls in place for the protection of personal data that the body or company processes.

Specifically, an assessment of the organisation’s security level must be made. This is done through a documented risk assessment based on the data’s sensitivity and the potential consequences for the individuals whom the data concerns.

We are ready to help

ICY Security’s concept is tailored to the new requirements and security threats in connection with personal data that increasing digitalisation entails.

By mapping data flows, we create an overview of where the most sensitive data lies. We document consequence assessments and evaluations of the individual controls.
