
    ISO 27001 – A swiss army knife for GDPR…

    With GDPR just around the corner, many organisations are asking themselves whether they should implement an information security management system such as ISO 27001 to help achieve and maintain compliance with impending frameworks such as GDPR or PSD2.
    First off, it is crucial that organisations realise that achieving ISO 27001 accreditation does not lead to automatic GDPR or PSD2 compliance. On the contrary, organisations seeking to achieve compliance with these standards need to put in a lot of extra work.

    This is because ISO 27001 is an international best practice standard for Information Security, while GDPR is a regulation by which the European Parliament, Council and Commission intend to strengthen and unify data protection for all individuals within the EU. Finally, the Payment Services Directive 2 (PSD2) is a new Europe-wide regulation requiring European banks to make it easier to share customer transaction and account data.

    At face value, ISO 27001, GDPR and PSD2 are very different things: best practice, legislation and an industry regulation respectively. However, at their core they all have something in common, namely the need to appropriately handle, process and store sensitive data, whether it is personal, financial, commercial or intellectual property. Implicitly they also share requirements around the need to demonstrate governance, diligence in consideration and decision making, sustainability of operation and conformance with their respective control requirements – i.e. a strategic and systemic approach to Information Security, personal data and privacy.

    Implement a framework to steer compliance strategies

    Therefore, although organisations will need to complete additional courses of work to achieve GDPR and PSD2 compliance, it is Ward’s recommendation that they consider implementing an overarching Information Security framework such as ISO 27001 to steer their compliance strategies. The key to integrating these different compliance frameworks and obligations, particularly for GDPR, is that your implementation of ISO 27001 should identify personal data as an Information Security asset.

    Implementing ISO can aid organisations in a number of ways:

    • Achieving ISO 27001 compliance for the appropriate scope provides organisations with an independently accredited management system for managing their information security according to best practice. The accreditation also provides proof that you and your partners meet recognised and appropriate information security standards. Organisations conducting B2B business with larger enterprises are currently expending a lot of effort demonstrating the diligence of their information handling processes and procedures to existing and new customers. This burden is set to increase. ISO 27001 accreditation to a relevant scope should help provide the reassurance that these customers need.
    • Maintaining and operating the ISMS, or sub-functions of the ISMS, according to ISO 27001 will lead to improved security and reduced risk for organisations as a by-product of ensuring on-going compliance.
    • Implementation of ISO 27001 generally leads to significant improvements in the culture and awareness of Information Security, which help move organisations from a reactive approach to a compliant, proactive or optimised level of Information Security, leading to increased security, reduced risk and typically a reduced cost of security.
    • ISO 27001 requirements make it necessary for organisations to put a number of overarching policies, procedures, controls and management systems in place to achieve compliance. Many of these elements are also required under other security or compliance frameworks such as GDPR, PSD2 and PCI DSS, meaning that organisations that achieve ISO 27001 will have taken significant steps towards compliance with these other standards as well. However, organisations need to work hard to integrate the specific controls, processes and procedures of each compliance requirement into the overarching Information Security Management System. There are many sources mapping the control requirements of each compliance framework to each other, e.g. GDPR to ISO 27001.
    • Compliance frameworks such as GDPR refer to the desirability of standards or accreditation. In our opinion, ISO 27001 accreditation to a relevant scope should help demonstrate to a regulator that an organisation has exercised significant diligence in meeting its compliance obligations, whether in a business-as-usual audit or following an incident.

    A more efficient approach

    Running individual, distinct information security compliance frameworks with no common overarching framework will most likely mean duplication of effort, as well as increased cost and management complexity, to organisations. Integrating individual compliance frameworks into an overarching framework such as ISO 27001 means one system to manage all Information Security requirements, reusing common elements across individual compliance frameworks, a much more efficient approach.

    ISO 27001 accreditation demonstrates that the organisation in question, big or small, implements best-practice Information Security processes, something which is sure to be of interest to customers, auditors, regulators and third parties, especially as GDPR draws closer.

    To make the process of becoming ISO accredited easier for you, Ward’s ISO consultant can work closely with your business to steer you through the entire process. We can also customise our services to help you at any point in the implementation cycle:

    • Greenfield – We help devise and implement from the beginning.
    • Partly progressed – We can pick up from where you currently are and take you through to completion.
    • Fully progressed – We can supply you with an ISO 27001 maintenance service.

    To find out more about how Ward Solutions can help you in your ISO and GDPR journey, contact us on +353 87 642 0100 or e-mail: sales@ward.ie

    Insights

    PATH TO GDPR – Practical Steps to take!

    REGISTRATIONS CLOSED!

    When: 08.30 am – 12.00 pm, Friday, 9th June 2017
    Where: Royal College of Physicians, Kildare Street, Dublin 2.
    Admission: Free

    Hello Again!
    Guess what?
    We had such a good response to our last event in February that we would like you to be a part of our next one. This is not going to be just any other GDPR event: we want to give you a platform where we help you identify the stage you are at in your GDPR compliance journey and what you need to do to achieve and demonstrate compliance.
    It is not just your organisation; many Irish organisations are still unaware of the implications of not complying with the General Data Protection Regulation. That is why we believe this event will be of significant value to your organisation.
    At this seminar, information security and privacy experts from Ward Solutions and Fortinet will outline the practical steps to take in the next 12 months. You will be advised on how to prioritise information security and compliance activities to develop strategies that identify and mitigate the risks to personal data that are putting your organisation at significant risk.
    Still not sure? Okay, how about this: the event is not going to be a one-way communication kind of show. We want to understand where you stand with your GDPR awareness and knowledge, and we will ensure you come out of the event more certain than ever before. So ask us the questions you have about your GDPR path and requirements for your organisation (e-mail gdpr@ward.ie) and we will come back to you with answers on the 9th of June.
    Please Note: You agree that Ward Solutions Limited may collect, use, disclose and retain the personal data you have provided in this form, and share it with the third-party organisations through which we carry out our marketing (further details of which can be accessed at our website www.ward.ie), for the purpose of providing marketing material that you have agreed to receive, in accordance with the Data Protection Acts 1998 – 2003 and our privacy/data protection policy (available at our website www.ward.ie).
    We have a full house! Registrations are now closed!

    Careers

    Senior Security Network Engineer / Consultant

    Ward Solutions’ Security Operations & Response Practice is Ireland’s most technically proficient security practice, with a reputation in the Irish market for providing technical expertise, independent technical and consultancy advice, and superior quality in all customer engagements, designed to bring tangible benefits and results for our customers.

    We recognise that the knowledge of our security engineers and consultants is the key to our success, and that they understand how to expertly implement and support technical security solutions for all of our customers.

    A Position exists for an experienced Senior Security Network Engineer / Consultant within Ward Solutions. You will be responsible for the design, implementation and maintenance of network security systems including firewalls and infrastructure.

    Remote management of network security systems and network security review of ICT infrastructure is also a key feature for this role.

    • Participate as lead Presales Engineer in designing secure networking solutions.

    • Liaise with Technology Vendors in scoping presales requirements.

    • Work with the Ward Sales team and liaise with clients on sales opportunities.

    • Develop security architectures and controls, review designs, develop security documentation for different projects and identify and address risks.

    • Lead technical implementation of small to medium infrastructures and technical designs including producing cost and timescale estimates and identifying risks. On larger projects work with lead architects to meet customer requirements.

    • Work within a team as a security specialist helping to define and implement technical best practice. Ensure effective planning and implementation of network solutions.

    • Establish working relationships with the customer at the appropriate technical and / or management level, to understand the requirements of the customer’s business in order to deliver and enhance the service.

    • Take ownership for obtaining the information required to diagnose and resolve complex network problems. Engage with third parties to jointly resolve in-depth product issues where necessary.

    • Manage and administer network environments within SLA, defining improvements and implementing changes to meet service level requirements.

    • Act as a point of escalation for supported client environments.

    Minimum Experience Requirements

    • A minimum of 5 years of experience in a heterogeneous network and security environment

    • Presales and Technical solution design and development experience. 

    • Relevant Network and Security certifications (CCNA, CCSA or equivalent)

    • Installation, management and troubleshooting of switches, routers and firewalls (preferably Cisco, Fortinet, Check Point, Juniper)

    • In-depth and hands on experience in network security technologies; Web-Proxies, IDS/IPS, Firewalls, VPN (SSL & IPsec), Routing, Switching

    • Understanding of security principles that span from network to application layers

    • Sound understanding and experience with protocols/technologies such as: TCP/IP, HTTP(S), TLS/SSL, IPSec, 802.1x

    • Technically proficient in maintaining and operating network equipment and their associated services and applications

    • Experience troubleshooting issues while interacting with vendor technical support

    • Applicants should clearly state level of certifications held in all technical proficiencies and relevant experience in same.

    General Requirements:

    • Excellent communication skills written and oral
    • Technical Writing Skills
    • Experience in Presales and proposal development
    • Troubleshooting skills are essential.
    • Design Testing and Implementation of technical solutions
    • Good interpersonal skills
    • Good team skills – this position will involve working as part of a service delivery team and technical lead on project teams as required.
    • Client liaison skills
    • Good Coordinator and organiser
    • Experience in Cisco, Fortinet, Aruba, Checkpoint, or Juniper technologies an advantage.
    • Understanding of Microsoft products, Servers, OS, Office 365, Exchange, Active Directory an advantage.

    Careers

    Security Network Engineer

    Ward Solutions’ Security Operations & Response Practice is Ireland’s most technically proficient security practice, with a reputation in the Irish market for providing technical expertise, technical and consultancy advice and services, and superior quality in all customer engagements, designed to bring tangible benefits and results for our customers.

    We recognise that the knowledge of our security engineers and consultants is the key to our success, and that they understand how to expertly implement and support technical security solutions for all of our customers.

    A Position exists for a Security Network Engineer within Ward Solutions.

    You will

    • Be responsible for the implementation, support and maintenance of network security systems including firewalls and infrastructure.
    • Work as part of the Ward Support Team delivering remote and onsite support for client security infrastructure.
    • Establish working relationships with the customer at the appropriate technical level, to understand the requirements of the customer’s business in order to deliver and enhance the service.
    • Take ownership for obtaining the information required to diagnose and resolve complex network problems. Engage with third parties to jointly resolve in-depth product issues where necessary.

    Minimum Experience Requirements

    • A minimum of 2 years of experience in a heterogeneous network and security environment

    • Relevant Network and Security certifications (CCNA, CCSA or equivalent)

    • Installation, management and troubleshooting of switches, routers and firewalls (preferably Cisco, Fortinet, Check Point, Juniper)

    • Hands on experience in network security technologies; Web-Proxies, IDS/IPS, Firewalls, VPN (SSL & IPsec), Routing, Switching

    • Understanding of security principles that span from network to application layers

    • Sound understanding and experience with protocols/technologies such as: TCP/IP, HTTP(S), TLS/SSL, IPSec, 802.1x

    • Technically proficient in maintaining and operating network equipment and their associated services and applications

    • Applicants should clearly state level of certifications held in all technical proficiencies and relevant experience in same.

    General Requirements:

    • Excellent communication skills written and oral
    • Technical Writing Skills
    • Troubleshooting skills are essential.
    • Testing and Implementation of technical solutions
    • Good interpersonal skills
    • Good team skills – this position will involve working as part of a service delivery team and project teams as required.
    • Client liaison skills
    • Experience in Cisco, Fortinet, Aruba, Checkpoint, or Juniper technologies an advantage.
    • Understanding of Microsoft products, Servers, OS, Office 365, Exchange, Active Directory an advantage.

    Insights

    Ward's countdown begins on GDPR!


    With just over 13 months to go until the General Data Protection Regulation (GDPR) becomes effective, if your organisation has not started the process of getting GDPR ready then it is high time that you begin. Remember that the GDPR affects every organisation, however big or small, that processes personal data – which is any data that alone, or together with other data held by the organisation, can identify a living individual. As most organisations process personal data relating to their employees, there are very few organisations to which the GDPR will not apply.

    The first thing that you need to do is carry out a data inventory in order to understand what personal data the organisation holds. Who has given the organisation personal data? What personal data have they given the organisation? What happens to the personal data after it has been collected? The more personal data the organisation holds, the greater this task will be. If you are concerned that your IT systems may hold personal data that could be missed during the data inventory, there are tools that can scan for personal data hiding on your systems. If you require assistance in this regard, contact sales@ward.ie.

    Next month’s blog will look at how to carry out an analysis of where your organisation is in relation to GDPR compliance and where you need to be by May 25th 2018.