Information Security and Privacy

ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27701

 

Information Security and Privacy Consulting

SECPRICO, Marinós G. Njálsson's consultancy, offers a wide variety of information SECurity, PRIvacy and COmpliance services, including:

  • Information security, cyber security and privacy strategy and policy.

  • Defining, documenting and implementing an Information Security Management System according to the requirements of ISO/IEC 27001:2022 and a Privacy Information Management System according to ISO/IEC 27701:2019.

  • Privacy and processing of personal information in line with privacy laws and regulations in various countries (including EU GDPR).

  • Cybersecurity, such as EU NIS, EU NIS 2, EU DORA and the EU Cyber Resilience Act.

  • Information Risk Management (ISO 31000 & ISO/IEC 27005:2022) & Data Protection Impact Assessment.

  • Training, workshops and seminars on ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27701.

  • Information Security and Privacy Internal Audit and Gap Analysis.

For more information, follow the links.

The site is being reconstructed, which will hopefully be finished soon. When finished, it will be moved to a new and more descriptive URL.

Below are links to articles by Marinós G. Njálsson, SECPRICO Lead Consultant:

Data Sovereignty, Data Residency, Data Processing Chain

Is banking security based on single point of failure?

When people fail

Information Security and Privacy Management Framework

Risk Management, Resilience, Risk Assessment

DORA - Introduction

 

Email:

security@internet.is

Telephone:
(+354) 898 6019

Links:

Clients

Short description


Strategy and Policy

Organizations are given advice on the risk environment and how they can best prepare themselves against external or internal threats, changes in the operating environment (including the legal environment), technological changes, etc.


Risk Management

Many organizations are missing the link between risk management and their ISMS/PIMS. MGN Security can assist in building the Risk Management Framework for both Information Security and Data Protection and Privacy. SECPRICO uses a Risk Management Framework that complies with ISO/IEC 27001:2022 and ISO/IEC 27005:2022 and can be used for Data Protection Impact Assessment.

A short introduction to Risk management


ISO/IEC 27001:2022 - ISMS

For the past 20+ years, the Lead Consultant of SECPRICO has assisted organizations in Europe in defining and documenting ISMS according to the ISO/IEC 27001 standard in its various versions. The latest version was published in October 2022, and Annex A of the standard has a totally new look. Already assisting its first client in defining, documenting and implementing the new version, SECPRICO knows what is needed.

One of Europe’s best experts on ISO/IEC 27001 and ISO/IEC 27002.


Training, workshops, seminars

SECPRICO's Lead Consultant has been giving training, workshops and seminars on ISO/IEC 27001 and ISO/IEC 27002 since 2006, and the first workshop for the 2022 version of ISO/IEC 27002 was in September. When ISO/IEC 27701:2019 was published, it was added to the curriculum.


Data Protection and Privacy

GDPR changed the landscape in two ways: first on the legal front, and second by combining Data Protection and Privacy with Information Security. ISO/IEC 27701:2019 established the link between the two, a marriage that can solve the complexity most organizations are facing.

The Lead Consultant of SECPRICO has already created ISMS and PIMS for a few big European organizations in his previous job at DXC Technology.


Information Security, Cyber security and Privacy Internal audit and Gap Analysis

What is required? Have we done it correctly? Are there gaps? Most organizations ask themselves these questions. The Lead Consultant of SECPRICO has done audits and/or gap analyses for organizations on three continents (Europe, Asia and North America) as a consultant at HP/HPE/DXC. Whether the requirements originate from ISO/IEC 27001 Annex A, GDPR, CCPA, ISO/IEC 27701 Annex A&B, PCI DSS, TISAX, NIST, SANS, COBIT, local privacy laws or elsewhere, SECPRICO can do an internal audit or gap analysis that meets the highest standard of such work.

Be in touch

Use the form below to contact SECPRICO regarding information security and privacy. Include enough detail to start the dialog. You can also send an email to security@internet.is or call +354 898 6019.