Cybersecurity is a major concern for companies and organizations. In order to protect business continuity and intangible assets (and more specifically data), it is necessary to consider security aspects at all stages of the implemented projects and within the internal processes.
Depending on the activities carried out and their critical nature, specific legal obligations may also apply.
Traditionally, the main security building blocks are made of preventive measures and curative measures.
The Lexing team is able to support you in the implementation of measures aimed at mitigating security risks.
At the different stages of the design and implementation of a security plan, our team advises you:
- Identification of risks and appropriate measures: depending on the nature of the activities performed, the applicable legal constraints shall be identified and taken into consideration to help you define appropriate security measures.
- The definition of an appropriate security policy requires the design and implementation of specific processes for incident management (security breach management), continuity of activities under adverse conditions (business continuity) and service restoration in case of business interruption (disaster recovery). The design and drafting of efficient processes tailored to the business needs are two crucial phases to ensure their efficiency and effectiveness.
- The approach based on risk management requires specific documentation to justify a posteriori the adopted measures. Lexing advises companies on the implementation of internal security risk analysis and management processes, in order to mitigate the risk of subsequent liability for non-compliance with legal requirements.
- The implementation of the security-by-design principle relies on close collaboration between the operational, technical and legal teams. Lexing is trained to meet the operational needs of companies and to dialogue with technical staff, and can therefore advise you in order to properly address the security requirements applicable to each particular case.
- Raising user awareness is a key element of a security policy. Thanks to its collaborations with universities and higher education institutions, Lexing can help you develop dedicated training materials. Awareness is essential to the effectiveness of a security policy.
- The involvement of decision-making bodies is essential to the success of a security policy. Familiar with the practice of secondment in companies, Lexing understands the internal governance processes of companies and organizations and can therefore usefully assist you in the preparation of specific plans, reports, projects or procedures, in order to facilitate their internal approval.
- The construction of a security policy usually requires support from external specialists. Lexing has extensive experience in cybersecurity-related contracts and can therefore assist you in drafting and negotiating this type of service agreement.
- The implementation of internal control and follow-up procedures is recommended for security purposes, in order to be able to identify the root causes of an incident. With regard to employees, these control procedures are however subject to specific legal requirements.
- Efficient security management requires security aspects to be taken on board systematically. Lexing advises companies and organizations on the drafting of appropriate clauses to be included in contracts or public procurement documents, so that the security of the services to be provided does not compromise the security policy of the company or organization.
- The external control of compliance with security policies is an important and sensitive aspect of such policies. Thanks to its experience in the field of information technologies, Lexing regularly cooperates with various cybersecurity actors and service providers (engineers, network specialists, specialized brokers, etc.) and is therefore able to connect you with them when necessary.
When an incident occurs, the reaction time and reaction capabilities of the victim company are crucial, bearing in mind that the usual technological infrastructure or tools are compromised or under pressure.
Lexing can also assist companies with incident management:
- Integration of Lexing teams in incident management procedures, in order to be able to advise security managers on the actions to be taken in order to mitigate legal risks.
- Security incidents may require, depending on the nature of the activities carried out and/or the severity of the incident, legal procedures for documentation (in all cases) and notification (to supervisory authorities and/or to third parties affected by the incident). Lexing assists companies in the preparation of internal documentation (accountability) and external documents (notifications, crisis communications), so that applicable legal requirements are observed, and liability risks mitigated.
- Lexing assists companies in monitoring incident follow-up in case of investigation or prosecution by supervisory authorities (data protection authority, for example).
- In order to protect the interests of companies that are victims of incidents, Lexing can also carry out a legal analysis of responsibilities, in parallel with the technical investigation into the causes of the incident. This assistance can also cover collaboration with technical incident management teams. This last form of collaboration can prove valuable, especially at an early stage, in order to ensure that the mitigation and restoration measures do not compromise the traces and evidence of a possible cause of the incident (which must be preserved in view of possible subsequent liability actions).
- Regular review and improvement of practices is a key point in maintaining a high level of security. Lexing assists companies and organizations in legal analysis, in order to identify areas for improvement in the management of cybersecurity risks.
Thanks to the variety of profiles of its employees, Lexing can provide companies and organizations with legal support in the development and implementation of the main elements specific to a security plan.
For an overview of these questions, you can check the slides from our recent conference on cybersecurity as well as the replay of that training.
Our latest news on this topic
- 07/10/24: Cybersecurity: the NIS 2 Law enters into force on 18 October 2024 (Alexandre Cassart, Antoine Lange)
- Training, 18 October 2024 from 08:30 to 09:30: earlegal – The adaptation of NIS2 in Belgian law (Antoine Lange, Victoria Ruelle, Léa Quertemont, Alexandre Cassart)
- 18/04/24: BIM and cybersecurity (Fanny Coton, Alexandre Cassart)