Security in IT is like locking your house or car – it doesn't stop the bad guys, but if it's good enough they may move on to an easier target.
insecor® is a Swiss company. Its core competence is a holistic approach to Information Risk Management.
CEO, owner of the company, MAS Law,
CAS Information Security
Who is working for insecor?
To best meet the needs of my clients I work closely with carefully selected cyber security professionals, ICT-Lawyers and trustworthy partner companies. Additional specialised companies are brought in depending on the specific project and its requirements, business sector and volume.
- Data Protection Regulations in Europe and Switzerland
Planning, supporting and implementing the necessary organisation, processes and documents in order to be compliant with the EU General Data Protection Regulation (GDPR) as well as the Swiss Federal Data Protection Act (DPA). Please note that the DPA is currently being totally revised due to the new European regulations on data protection. This process is still going on: the Swiss Parliament first needs to approve the new DPA before it can come into force. The National Council debated the proposals of the Council of States during the spring session 2020 of the Swiss Parliament. There are still differences between the National Council and the Council of States. According to the media release of today (19th of May, 2020), the Political Institutions Committee of the Council of States (PIC-S) joins the National Council on several points. The Council of States will debate the last decisions of the National Council, considering the proposals of the PIC-S, during the summer session (2nd of June 2020). Brexit: Swiss companies should visit the Swiss Data Protection Authority's website from time to time for current information and the latest news.
- Mandate as a Data Protection Officer (DPO)
According to the applicable data protection laws: the GDPR as well as the Swiss DPA or Federal Act on Data Protection (FADP).
- Technical and organisational measures (TOMs)
Planning and implementation of technical and organisational measures ("TOM") according to the applicable data protection laws (Swiss DPA; GDPR) and standards such as ISO/IEC 27000 series, NIST, BSI standards, etc.
- Governance and Risk Assessment
Regarding data protection and information security; e.g. security and privacy concepts for information technology systems and databases; legal evaluation of projects and information technology systems; defining information security and data protection measures within ICT projects; planning and implementing information security management systems (ISMS according to ISO 27001).
Regarding data protection and information security (in particular according to the ISO/IEC 27000 series).
- Project and Process Management
Such as consultancy for ICT project managers, defining information security and data protection measures within ICT projects, etc.
Cybersecurity / Fight against cybercrime
- Consulting and conception
Authoring, revising and/or analysing concepts and designs.
- Cybersecurity audits
Situation analysis and assessment of IT infrastructure components, systems and applications.
- Services and solutions
Consultancy to clear up incidents (e.g. data leakage or cybercrime) and solutions (development of software, etc.) specifically for organizations and companies with increased security requirements (e.g. police authorities, public prosecutors, tax authorities, banks and insurance companies).
Methods and Standards
We emphasize an interdisciplinary approach and therefore close collaboration with the management body and legal department as well as the CISO, ICT project managers and computer scientists. We apply recognized standards, methods and best practices such as the ISO/IEC 27000 series, NIST, COBIT or the HERMES 5 project management method.
Some good reasons to choose insecor…
- Personal and Expert Advice
- Swiss Company
- Distinctive Quality Awareness
- Experience and Innovation
- Interdisciplinary Team thanks to highly qualified Partners
- Strong Commitment
Some highlights of my work…
- Various mandates as Data Protection Officer (DPO) according to the applicable data protection laws GDPR as well as the Swiss DPA
- Performing various audits, consulting, editing legal documents and giving training as Data Protection Officer (DPO)
- Carrying out various Privacy Impact Assessments (PIA) and recommending technical and organisational measures (TOMs)
- Authoring information security concepts (incl. protection needs analysis and risk analysis) for information systems containing sensitive data
- Mandate as the only external technical expert for data protection management systems (incl. ISO 27001 and ISO 27002) of the Swiss Accreditation Service (SAS)
- HIV - Handels- und Industrieverein des Kantons Bern
- IAPP - International Association of Privacy Professionals
- ISACA - Information Systems Audit and Control Association
- ISSS - Information Security Society Switzerland
- SF - Schweizer Forum für Kommunikationsrecht
- SGRP - Sicherheitsgruppe Schweiz
- SK ITS - Sector Committee Information Technology
- SPICT - Verein Swiss Police ICT
- swissICT - Schweizerischer Verband der Informations- und Kommunikationstechnologie
If you require any additional information please feel free to contact me and I will be happy to assist you.