• DO YOU KNOW WHERE TO INVEST
    TO REDUCE YOUR CYBER RISKS?

  • IT IS NOT ABOUT TECHNOLOGY,
    IT IS ALL ABOUT BUSINESS!

$450 billion
Estimated global cost of cybercrime in 2014 (bigger than the GDP of the 5th richest country)
9 in every 10
Businesses have been breached at least once by hackers over the past 12 months.
According to several studies, 80% of risks are avoidable through simple controls
Fines up to 5%
of turnover in case of data breach with new EU regulation planned for 2015
HOW CAN WE HELP YOU?

Risk CurveWhen “everything is becoming digital”, private, public, and civil institutions become more dependent on information systems and more vulnerable to attack by cybercriminals, political “hacktivists,” nation-states, and even their own employees than ever in the human history.
In a time of limited resources, security programs are experiencing pressure to do more with less. So based on research done by major organizations with a deep understanding of how cyber attacks are carried out in the real world and why the attacks succeed, we are providing a methodology and a security dashboard to help you to focus on what matters most.

Why cyber security should be a board room issue?
Even if we are only at the the beginning of our new digital age, digital technology is already really pervasive and has disrupted the business models of traditional organisations at a rate never experienced before. And so in an interconnected world, organisations are more dependent than ever to digital business processes. This amplifies the business impact of cyber attacks, affecting intellectual property, financial security, competitive advantage, operational stability, regulatory compliance, and reputation. And as businesses are facing rapidly increasing exposure to cyber security risk, IT security strategy should evolve from a pure IT problem to a board room dilemma.

Risk CurveHopefully this hot topic, while accurate, can be misleading, because not every threats apply to every organisation. Attackers have many different aims, tools and levels of determination. By understanding the threats your business is facing, you put the problem into perspective and make it manageable. The starting point for any organisation is to understand what information needs to be protected first.
Another good news correlated by all researches is that the best weapon in your armoury remains good information security hygiene. To name just a few: the National Audit Office, the Australian Government Department of Defence or the GCHQ in UK, everybody agree that with basic security controls you can decrease your risk exposure by at least 80%.

Through human interviews, process review and some technical tests our objective is to help our clients to prioritize and focus their security efforts on controls with the highest payoff, aiming for a "must do first" philosophy.
The main set of controls we are using for our assessments are the well known ISO27002 and the Critical Security Controls which are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today’s most common attacks. They are developed, refined, validated, and supported by a large volunteer community of security experts under the stewardship of the Center for Internet Security an independent and not-for-profit organization.

Below is a list of resources which might be useful if you are looking for more insights to develop your cyber security strategy:





  • 10 steps to Cyber Security
    10 steps to Cyber Security
    September, 2012
    This publication discusses cyber security as one of the biggest challenges for business and the UK economy. It offers guidance for business on how to make the UK’s networks more resilient and protect key information assets against cyber threats. It covers risk management and corporate governance and includes case studies based on real events
    View it
  • Catch, Patch, Match
    Catch, Patch, Match
    February, 2014
    The Strategies to Mitigate Targeted Cyber Intrusions are ranked in order of overall effectiveness. Rankings are based on ASD’s analysis of reported security incidents and vulnerabilities detected by ASD (Australian Signals Directorate) in testing the security of Australian government networks.
    View it
  • Belgian Cyber Security Guide
    Belgian Cyber Security Guide
    November, 2013
    The International Chamber of Commerce in Belgium (ICC Belgium) and the Federation of Enterprises in Belgium (FEB) did come together with EY and Microsoft to create a Belgian Cyber Security Guide. One of the lessons learnt is that change starts from the top. It is the executive level that should set the tone.
    View it
  • Critical Security Controls
    Critical Security Controls
    February, 2014
    The Critical Controls for Effective Cyber Defense are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today's most pervasive attacks. They were developed and are maintained by a consortium of hundreds of security experts from across the public and private sectors. An underlying theme of the Controls is support for large-scale, standards-based security automation for the management of cyber defenses.
    View it
  • ANSSI: 40 Essential measures for a healthy networks
    ANSSI: 40 Essential measures for a healthy networks
    October, 2013
    The French Network and Security Agency (ANSSI) identified 40 technical steps, referred to as essential IT measures which could be referred as rules for a healthy network. This document has been designed for managers and engineers in charge with IT security - it will provide them with a detailed checklist of what they should implement, what they should verify and where they should put their effort to improve the overall security of their IT networks.
    View it
OUR APPROACH

WHAT WE OFFER

Our mission is to help businesses to figure out the level of risk exposure they are facing by consolidating all data from our assessments on a very intuitive and user friendly dashboard. The objective is to make it easy for our clients to know where they are, and what they have to do first. And as a trusted partner, our role through our program is to help the CISO (Chief Information Security Officer) or every person with similar role and responsibilities to:

  • Protect their assets & data in the most efficient way
  • To know where to invest first and help to report it
  • To develop, implement and manage a security program

We provide yearly packages which are made of different kinds of activities aligned on Plan/Do/Check/Act model. And so based on your maturity level we help you to get a broad picture of your security posture and in fine a very straight forward and suitable action plan to follow for your business.

WHAT WE DO
  • Prioritize & Focus
    On most efficient controls for your business.
  • Project Methodology
    To help you to keep control and track progress.
  • Independent expertise
    Not technology or service affiliate.
  • COMMUNICATE YOUR VALUE
    Benchmark your progress and share it.
MEET THE FOUNDER
Guillaume CARBALLO Founder - Expert IT Security

WHO I AM?

Guillaume Carballo is an expert in cyber security and after almost 10 years of experience as a consultant for international companies in a lot of European countries, he decided to create his own start-up company to help small & medium businesses to face Cyber-security challenges. Guillaume holds a master in "Cryptography & IT Security" plus several certifications in the IT field and also a master in "Strategy and International Management" from ESSEC business school.

As a security strategy advisor for C-level, his role is to help management to align IT with business strategy and therefore to assist them to figure out the impact of not taking cyber risks seriously. With SmartProtect, Guillaume combines his two passions which are entrepreneurship and IT security.

CONTACT US
ADDRESS, PHONE & EMAIL

SmartProtect

8, rue Jules Diederich

L-5822 Hesperange

Luxembourg

Mobile: (+352) 661 61 61 19

Tel: (+352) 27 91 29 36

Email: guillaume.carballo@smartprotect.eu