Data protection

If you want to remain the partner to which clients, visitors and employees can safely trust their personal information to, you need to ensure you have sufficient processes in place to manage and protect your data in line with best practices and international standards. Data protection is more and more becoming a competitive advantage and differentiator, instead of just a means to avoiding breaches that result in public embarrassment and outages. Eltrovo can help you design and implement processes to get control of your sensitive data and meet regulatory requirements (e.g. GDPR).We can assist with:

  • Creation of a data register
  • Data privacy impact assessment (DPIA)
  • Design and project management for controls to minimize risk
  • Analysis of supplier contracts with regards to protection of data
  • Design and implementation support for processes related to consent of data subjects, consultation, right to be forgotten
  • Incident management (data breaches)
  • Data Protection Office support

Information security project & program management

Our consultants can help you create an information security policy framework that allows you to implement an adequate protection for your corporate assets. ELTROVO can perform a risk assessment and identify improvement areas on administrative, architectural, logical and technical level in order to avoid outages and other incidents.

We can assist you with creation of a plan to implement necessary controls to avoid business disruption and follow-up on alignment with international standards and regulatory requirements.

Phishing Resistance Training Service

Phishing is a form of social engineering where the attacker attempts to trick people into revealing private information by sending spoofed e-mails that appear to be from reputable companies. Phishing e-mails provide a link to a seemingly authentic page where you can login and reveal your username, password and other personal information. Online scammers can then use this information to access your accounts, gather additional private information about you and your company.

  • In collaboration with our client, ELTROVO creates a customised awareness program. During intake interviews target groups, risks, possible scenarios and techniques will be evaluated. Results will be debriefed in a complete and clear report, pointing out the weakest points and impact, with a proposal for the most appropriate way of increasing resistance against phishing.
  • When the best suitable method is selected, authorisation will be obtained, scope and timeframe will be defined and follow-up actions agreed upon.
  • We will train users against phishing and social engineering via simulations and awareness presentations and create supporting materials for organisations. Also, follow-up trainings and subsequent tests can be organised via classroom training.

Online security check-up service

While the internet has brought major revolution into our daily lives, its convenience and use comes at the price of new perils. Without a proper online defence, you leave yourself and your company open to be a victim of fraud, theft and even property damage. To avoid that your company is subject to malicious activity, ELTROVO can help you set up a secure network with industry standard security protocols.

  • We will create a full technical footprint of your internet facing infrastructure, including web application access to identify possible unmanaged accesses that breach the perimeter, to detect uncontrolled externally accessible devices and the risk for anyone to infiltrate, compromise and exfiltrate data.

Review of connection level security of Internet connected systems, including:

  • monitoring of https-connection security and alerting when degradation is detected
  • web-connection header security checkup
  • Internet availability and performance check
  • benchmark with other parties (customisable or anonymised)

Automated and manual scanning of website infrastructure

  • Verification of Internet footprint:
    • Registered domain names
    • IP-addresses
    • Open ports and services
    • Web-application check, both non-authenticated and authenticated
  • A risk based report will be provided, with an indication of priorities and effort necessary to mitigate the risks, allowing you to plan resource allocation for optimal control.

In case an issue is detected, ELTROVO can make a proposal for the resolution and implementation of the safeguard and will guide your company to stay compliant with technical best practices.