STRATEGY & GOVERNANCE
Strategy Healthcheck
- Your added value:
- Focused analysis of how up-to-date your cybersecurity strategy is
- Crosscheck with all current influencing factors (cyber situation, regulatory factors, industry influences)
- Integration with business strategy – how well is the business model protected by the cyber strategy?
- What we provide: Document analysis and on-site expert workshop, written recommendations for action & presentation.
ISMS Healthcheck
- Your added value:
- Comprehensive analysis of your ISMS and how well it is suited to meet current cyber requirements
- Gap assessment to current standards and industry best practices
- Consideration of regulatory requirements
- What we provide: on-site expert assessment over several days, written recommendations for action & presentation.
Security Basis Assessment
- Your added value:
- Focused analysis of the status quo of your security management
- Gap assessment to current standards and industry best practices
- Focus on controls and their effectiveness
- Baseline security approach, also suitable for companies with a lower maturity level
- What we provide: document analysis and on-site expert assessment, written recommendations for action & presentation.
Strategy Day
- Your added value:
- Analyze and update your cybersecurity strategy (or prepare for its redesign) in a focused workshop day.
- Bringing in current trends and frameworks for consideration in your strategy (cyber situational picture, technological trends, legal and regulatory frameworks, etc.).
- Ensuring that all aspects of the cyber strategy that are essential to you are taken into account (consideration of your business strategy, IT strategy, etc.)
- What we provide: Execution of a focused strategy workshop including preparation and follow-up
BCM Healthcheck
- Your added value:
- Comprehensive analysis of your BCM concept including scenario analysis, business impact analysis, resilience strategy and contingency planning
- Gap assessment to current regulations including standards and industry best practices
- Structured preparation for examinations by the supervisory authority
- What we provide: on-site expert assessment over several days, written recommendations for action & presentation.
SLA Review
- Your added value:
- Comprehensive analysis of your existing SLAs with IT service providers (data centers, operators, software developers, cloud services, etc.)
- How complete and resilient is the SLA in terms of cybersecurity & BCM?
- How well are your rights and entitlements set out in the SLA?
- Recommendations for the optimization of SLAs
- What we provide: Review of existing SLAs, written recommendations, reconciliation workshop.
- We are also happy to support you in the negotiation and drafting of SLAs.
Introduction of an integrated security management system (ISMS) according to ISO 27001
- Your added value:
- Structured development of an ISMS according to the state of the art:
- Information Security Risk Management
- Security Governance Framework & Organization
- Policy Framework
- Security control framework
- Security processes
- What we do: We guide you step by step through the development of the ISMS based on your needs and in line with your business model. Furthermore, we accompany you during the implementation in the organization and, if required, also during the implementation of a suitable GRC tool. Duration and scope depend on size and complexity.
Our methodology
Set security targets
- Conduct a business impact analysis based on the company's critical core processes and data
- Determination of the need for protection in terms of availability, confidentiality and integrity
Threat Analysis
- Identification of threat scenarios by identifying potential vulnerabilities and attack surfaces of core processes and data
- Mapping of the threat scenarios to the results of the business impact analysis
Vulnerability analysis
- Structured security status survey across all key business areas (product and customer areas, IT, organization, human resources, facility management, etc.).
- Description of the individual vulnerabilities and their potential impact
- Assignment of the identified vulnerabilities to relevant threat scenarios and evaluation according to the business impact analysis
Action planning
- Creation of a cybersecurity strategy optimized for your company
- Prioritized list of measures to address the most important weaknesses
Implementation
- Support during implementation, on request