Information Security

“The true computer hackers follow a certain set of ethics that forbids them to profit or cause harm from their activities.” — Kevin Mitnick

When you realize that you need IT security, it’s probably already too late. One of the main objectives of the IT Security department is awareness of the impact of risks to which we expose ourselves and a constant identification and management of all security breaches.

Security Audit
This service will allow you to benefit from a professional and objective opinion on your company’s situation in terms of infrastructure and information security. Using different repositories (ISACA, ISC2 or best practice), our team of experts makes a detailed analysis of audited systems and presents a detailed report of the results, together with a set of recommendations and observations of improvement.

Compliance Audit
Compliance audit helps companies and institutions that want to validate how internal regulations, rules and procedures, national and European or international standards (ISO27001, PCI DSS, Solvency II) have been implemented and respected. This service requires a detailed analysis of all elements contained in the audit scope and the result of the audit report which describes the extent of compliance with the reference used.

Banking audit
Our experts have over 8 years’ experience in banking audits in accordance with MSI Order 389/2007 and TransFonD requirements. Validation of fulfilling the requirements and norms established by MSI,BNR and TransFonD is mandatory for Mobile / Home / Internet Banking operating systems.

Penetration Testing
White / Gray / Black Box Ethical Hacking – The most direct approach in identifying potential security breaches of a customer’s IT infrastructure. It requires extensive knowledge about different hardware, configurations and IT architecture. Fortunately, our experts have provided this service in the past 8 years.

Social engineering
This service exploits the biggest vulnerability in the information security of an institution: human resource. The techniques are limited only to the expert’s imagination and current laws. The results of this work is the best starting point for staff training and raising awareness of security risks among employees.

Implementing information security management systems (ISO 27001)
Implementing an information security management system (ISMS) requires a detailed analysis of the organizational structure of the institution / company and development of a fully customized set of procedures that reflect a unique flow of information to each client. GRX consultants will define how information is managed safely and will ensure that all requirements are met in order to obtain ISO 27001 certification.

GDPR Consultancy
Our initial assessment will review current processes around a sample of critical personal data flows for higher-risk areas of your business (e.g. HR, Marketing, Sales teams). Analysing selected data flows in these business areas will expose a cross- section of practice across your firm, which we will validate in order to create an overall impact assessment and prioritised remediation recommendations.
Using our available GDPR assessment toolset, we are confident we can deliver an initial impact assessment within a maximum 12 weeks, subject to scope. We will produce a list of recommendations, laying out the options for your consideration. From this step, the actual remediation and consultancy project begins.

Our experts have the following certifications:

  • Certified Information Systems Auditor (CISA);
  • Certified Information Security Manger (CISM);
  • Certified in Risk and Information Systems Control (CRISC);
  • Certified in the Governance of Enterprise IT (CGEIT);
  • CCNP Security;
  • EC-Council Certified Security Analyst (ECSA);
  • Certified Ethical Hacker (C|EH);
  • Licensed Penetration Tester (LPT);
  • Offensive Security Certified Professional (OSCP);
  • Certified Information Security Systems Professional (CISSP);
  • Systems Security Certified Practitioner (SSCP);
  • COBIT;
  • ISO 27001 Lead Auditor – BSI