• Security Audits
• Security Planning
• Information Security Management Systems
• Platforms & Services Security
• Security Operations Center
• Specialized Solutions

Definition of Policies

A fundamental aspect of all information security strategy is to have certain principles and objectives clearly identified and defined. The concept of security policy includes the development of standards and procedures for the organization’s security practices. From Management’s declaration of support through the Security Policy Statement, to the actual writing of regulations, standards, procedures and instructions, GMV provides the knowledge and experience necessary to guarantee the proper publication, distribution and awareness that define good Security Management.

Security Plans

The Security Plan determines suitable actions, controls and projects required to achieve the appropriate level of security for an organization in the short and medium term. One of its main objectives is to find a balance between the needs, the technological viability and the human and economic resources of an organization. In order to achieve this objective, the Security Plan is basically developed in three phases: First, definition and analysis of requirements; then, consolidation of results; and finally, planning of actions and projects.

Contingency and Continuity Plans

The Contingency Plan is an invaluable aid in the case of certain scenarios or events that can cause an organization’s information systems to go down, either in full or in part. The ultimate objective of the Contingency Plan is to determine what resources are necessary, to ascertain the equipment needed for intervention, and to establish essential steps to be taken to recover critical services in a short period of time with the goal of minimizing financial losses or damage to the organization's image. To achieve this, the services and related assets are determined for adjustment at a later date. Once identified and adjusted, different scenarios and events that can cause downtime are analyzed to determine backup resources and necessary actions. Thus procedures for recovering critical services within the required time frame can be defined.