Customer since 2021
CISO as a Service, the perfect solution for Dronten
Marco Muizelaar, ICT Service Manager of the Municipality of Dronten urgently needed a temporary CISO (Chief Information Security Officer) and found one in Klaas Bakker of Inergy.
Municipality of Dronten
Marco Muizelaar, ICT Service Manager of the Municipality of Dronten urgently needed a temporary CISO (Chief Information Security Officer) and found one in Klaas Bakker of Inergy. "With Klaas I immediately had a click" said Marco. "Our own CISO retired and unfortunately his successor soon left for a commercial company. So CISO as a Service was the perfect solution for us".
"We were suddenly in a hole and it's not easy to find a good CISO. However, a CISO is essential for our municipality, so I started looking for someone we could hire temporarily. After inquiring with several companies, we found Klaas from Inergy through our network." says Marco Muizelaar of Dronten municipality.
"We were suddenly in a hole and it's not easy to find a good CISO. However, a CISO is essential for our municipality, so I started looking for someone we could hire temporarily."
MARCO MUIZELAAR, ICT SERVICE MANAGER OF DRONTEN MUNICIPALITY
ENSIA Audit
Klaas Bakker of Inergy: "Initially I planned for a maximum of three months for Dronten, but it ended up being a little over a year. I worked there an average of two days a week. Sometimes from home but also at the beautiful, modern town hall in Dronten. There was a lot to do. I started by supervising the ENSIA audit. This was, due to the changing of the guard, a difficult process. Some things were not properly arranged. That has now been taken care of right away for next year. The basis is now solid and my successor can therefore immediately take the next steps in a good security policy."
No one is waiting for a data breach
"Klaas is critical. Doing your best is not good enough," Marco says. "The ENSIA is getting stricter and stricter. Things are being added all the time. Within ENSIA you used to have to mainly declare, but now you also have to prove things. The information security profession is becoming more and more extensive. And that's good, because nobody wants a data leak. You have to guide employees in this so that they understand it too. We are really happy with Klaas. His expertise has helped us enormously. Klaas's way of communicating is direct, but honest. He keeps going until the penny drops and everyone understands the goal."
"Sometimes I had spirited conversations with employees. There were agreements made that I knew nothing about. I am, when necessary, black and white. If something is not true, I'm not going to write it down. Otherwise the municipality simply won't benefit. If you are honest you can make meters and make real improvements," said a driven Klaas. "I make sure my advice is adopted by convincing people with enthusiasm, obviously with the right justification. Fortunately, my field has great political support. Nobody wants to be in the newspaper in a nasty way". He continues: "If you tell a good story and goal in the management team, in which you clearly state what something will achieve, everyone cooperates. In the end, we have the same goal in mind".
Pentest
In addition to the ENSIA audit, Klaas also worked on following up on the recommendations that came out of the pen test. For example, Klaas created a password policy and managed the organizational issues that came out of this test. "Together you get very far. When the need is clear, things become fluid quickly."
Marco purchased a Security Information and Event Management (SIEM) solution as a result of the pen test. This checks for vulnerabilities and anomalies in employee data behavior. Virtual noise is normally not always noticeable, but with this solution it is. Klaas helped with the right justification to get the budget for this.
"The profession of information security is becoming more comprehensive. And that's a good thing, because no one is waiting for a data breach."
MARCO MUIZELAAR, ICT SERVICE MANAGER OF DRONTEN MUNICIPALITY
Outsourcing ICT
More and more municipalities are outsourcing ICT management. Klaas is happy about that. "But then you have to make very tight agreements about responsibilities and tasks, among other things." Marco: "Klaas has a direct approach, but never asks for the impossible. A lot of work at municipalities is put into making the contract, but then managing contracts and suppliers is sometimes forgotten. These are new roles. Everyone still has to get used to that a bit."
The CISO is a strategist
Marco has a clear vision of the role of the CISO. "The CISO is a strategist and therefore belongs in the strategic team alongside, for example, the Business Analyst. If the CISO receives emails about alleged spam in the organization then there is a lot to improve. In addition, a CISO needs an ISO. Just as the FG (data protection officer) needs a PO (privacy officer). The latter is already the case in Dronten".
Marco and Klaas agree on the traits a CISO needs. Marco: "First, you should not feel constrained to hold anyone accountable for their actions. Whether it is the mayor or the garbage collector, everyone must be aware of information security and the possible consequences. You must be able to move freely and operate independently. In addition, you must have knowledge of the BIO and ENSIA. And knowing the structure of the municipality is a huge plus. That is significantly different from a commercial company."
Klaas: "The knowledge among organizations about our field is unfortunately thin. It is not naturally in the DNA of municipalities and companies. It is also a new field and you have to train colleagues. If citizens don't notice anything about the policy, you are doing well as a municipality. But that takes expertise and time. That's why an external party is often needed to fill these gaps in knowledge and manpower. That's why we at Inergy have launched CISO as a Service.
"Dronten is a beautiful municipality and enormously involved with its residents. At City Hall, everyone helps each other."
MARCO MUIZELAAR, ICT SERVICE MANAGER OF DRONTEN MUNICIPALITY
How would you describe the municipality of Dronten?
Marco: "Dronten is a beautiful municipality and enormously involved with its residents. At the town hall everyone helps each other. Marco: "I can remember once there was a major network failure. The alderman stood directly at my desk. Not to pressure me, but with the question: What can I do to help you? That is typical of Dronten. We are a flat organization, have trust in each other and we work together to do as well as possible for our residents."
Municipality of Dronten
Dronten is a modern municipality in the province of Flevoland established in 1972. In fifty years, the municipality of Dronten grew into a municipality of more than 40,000 inhabitants. In addition to the city of Dronten itself and the villages of Biddinghuizen and Swifterbant, Dronten offers a varied landscape that brings you more than a million visitors annually.
The Dronten City Hall (House of the Municipality) has recently been remodeled. The building has undergone a complete change inside and the entrance has been modified. It is light, open, sustainable and circular. A real house of and for the municipality in which residents, entrepreneurs, council members and employees feel at home. After 14 months of demolition, construction and moving, the town hall is ready for the future.
Ask Thomas
