László György Dellei (MBA, CISA, CGEIT, CRISC, C|CISO, CDPO, Certified Expert witness) has expertise in the field of ICT, security and data protection in Hungary. Mr. Dellei is proactive and is a registered security expert of the European Commission. This is not all; he is also a member of the Hungarian Chamber of Judicial Experts, Gold Member of ISACA, member of the EC‐ Council, and member of John von Neumann Computer Society.
László György Dellei provides skilled supervision to multinational and huge firms’ and also to small enterprises. He is the founder of Kerubiel Ltd. with sense of purpose being to make sure their clients meet the highest possible level of compliance with the relevant rules and regulations.
In the era of data-driven society and economy, effective, lawful and secure management of information is a crucial element for companies. Compliance with the global and/or regional standards and regulations governing information security, data protection and data security may be time-consuming and resource intensive. Take, for instance, the GDPR which requires data controllers and processors to revise their data processing activities, to make the necessary modifications in order to comply with its provisions, and to prepare the relevant documentation, such as privacy notices, inner regulations, DPIAs, etc. Furthermore, the new European regime for data protection has a special focus on the so-called risk-based approach and data security, emphasizing the importance of integrity and confidentiality of personal data. Thus, appropriate technical or organizational measures protecting against unauthorized or unlawful processing, and against accidental loss, destruction or damage of the information processed, shall be adopted. These rigorous provisions supplemented by the wider competences of the supervisory authorities, and higher fines, might be seen as an impenetrable barrier for many companies. Yet, non-compliance results in significant loss of income, of public trust, and other competitive disadvantages.
From the beginning of its operations, the objective of Kerubiel Ltd. has been to provide counsel and expertise from the field of information technology, information security, data protection and data security to various actors operating on the market. The company quotes, “Our solutions combine self-awareness, data/information governance, transparency and accountability measures as well as all aspects of risk management. Thus Kerubiel Ltd. offers complex, personalized, rapid, yet affordable ways for its clients to achieve high-level compliance.”
Since 2018, cyber incidents and cyber-crime cost triple as much to businesses as the cost of natural catastrophes according to Allianz Risk Barometer. And it is not even a surprise: most companies’ primary assets are data. When cyber breaches and privacy scandals happen, they can bring businesses to a standstill. The services cannot be delivered, the company cannot operate, the trust is vanished, and it may be impossible to be rebuilt. A well-equipped cyber-security system should be an essential part of all kind of businesses - right from the beginning.
László György Dellei, Founder of the company said us, “Moreover I think that the greatest security threat to businesses are – and have always been – ignorance and a culture of harmful attitudes. It may be said that the cause of roughly 75 % of unwanted events, such as incidents and data breaches, is human error. Negligent, unprepared employees may cause more damage than malevolent adversaries, yet this kind of threats are often overlooked by the companies. That is why Kerubiel Ltd. focuses on shaping attitudes rather than simply providing counsel to its clients.”
Kerubiel Ltd. has utilized three principles in every part of its operations: adaptability, effectiveness and the continuous (self-) development. This approach helped the company to harness the advantages of technological and legal developments, and to channel its unique expertise towards its clients thus providing lawful, timely and effective solutions. The success of this approach may be measured by the growing number of its happy clients.
Distances – even in the cyberspace – may alienate consultant from its clients, and vice versa. Understanding the customer is a key element of a successful cooperation. Therefore, Kerubiel Ltd. seeks direct contact with its customers from the beginning. This way the firm might gather crucial information on matters deemed to be important by the clients as well as information related to its work.
Kerubiel Ltd. always looks at technology as an opportunity for further improvement of its services. Open-mindedness, curiosity and lifelong learning are the principles that drive Kerubiel Ltd. towards innovation and new knowledge. This way, the company’s clients receive timely information and expertise, and might be prepared for future challenges as well.
Kerubiel Ltd. offers unique services in the field of information management, information security, data protection and data security. For instance, within audits, the company explains, “We assess the information or data management of a company or a product in order to provide assistance for compliance with data protection and information management standards, and to define the necessary measures to improve the product or the activities of the client. By providing complex IT security services, Kerubiel Ltd. seeks to ensure that the ICT infrastructure of the client is effectively protected against adverse events, such as any information or a data breach. Finally, with due regard to the provisions of the GDPR, we provide consultation and expertise that improves the “GDPR readiness” of a company, such as outsourced DPO service.”
Kerubiel Ltd. provides its services with a special view to high-level IT security standards. For instance, they utilize ISO 27000 standards and other best practices, and accordingly examine the IT system and the services of the client. Kerubiel’s audit focuses on the actual state of the IT infrastructure identifying IT system availability, potential risk factors, and security or operational failures. Based on data gathered via objective methods, Kerubiel Ltd. will prepare a report for the client containing all necessary information about the current state of the IT system, potential risks, defined errors and other deficiencies, and its detailed suggestions for addressing these issues. Another useful tool that Kerubiel Ltd. frequently applies is the NIST 800-53 controls assessment. This helps them identify gaps within IT systems of the client and, at the same time, focus on controls, time and budget to minimize deviations and redundancies. This way Kerubiel Ltd. may rapidly assess the viability of the security framework, thoroughness and consistency of security controls of the client.
Finally, it is important to note that the organization’s mission consists of not only the provision of these services, but of shaping the attitudes of its clients. Compliance with the relevant standards and regulations necessitates a strategic approach and a permanent focus on all related activities. Kerubiel Ltd. tries to persuade its clients to leave behind negative or harmful attitudes and to realize that compliance with the rules of information management, information security, data protection and data security is a competitive advantage.
Cybersecurity market is under continuous change due to development in the field of technology and its applications, and the legal background. There is a trend in the past few years that brought cybersecurity, information security, information management, data protection and data security to the forefront, thus bringing together or even unifying experts on these fields. This trend will continue to define the market in the near future providing a unique opportunity for Kerubiel Ltd. With its potentials due to the wide range high-level expertise of the company, Kerubiel Ltd. wishes to become one of the most innovative leading companies providing counseling to its clients in the CEE region. “In the highly competitive market, this goal is of course yet to be achieved, but, hopefully, we have already made the first steps,” says the company.
"We have many years of extensive experience both in the public and in the private sector, delivering complex solutions from scratch."
"Based on our knowledge and comprehensive field experience we are contributing at many influential international professional organisations like ISACA (The International Organisation for IS Auditors and Information Security professionals -HQ in US.)"