CONSULTING

"Knowledge is legal.
Applying knowledge takes you into responsibility."

Manu Carus

In most cases, it takes just one weakness in software, in a network configuration or in a process, and data, knowledge or the availability of services is in danger!
 

I work together with a network of security experts. No one can know everything. But you have to know whom to rely on.

We support you with technically qualified solutions, concepts, analysis, assessments and reports in order to secure your infrastructure.

 

Our skills are focused on these areas:

Information Security Management

Complex changes require a security program with sound planning, comprehensive management and stringent controlling.

 

Our CISO consultants will support you in setting up and managing your security programs according to ISO 27001, ISO 27002, ISO 27005 and PCI DSS:

 

  • Access Control

  • Application Development Security

  • Business Continuity and Disaster Recovery

  • Cryptography

  • Information Security Governance and Risk Management

  • Legal, Regulations, Investigations and Compliance

  • Operations Security

  • Physical (Environmental) Security

  • Security Architecture and Design

  • Telecommunications and Network Security

 

We have special expertise on:

 

  • Policies: Information Security and Data Privacy

  • Vulnerability Management

  • Patch Management

  • System Hardening

  • Data Classification

  • IPS, SIEM, Network Segregation

  • Malware Protection

  • Application Security

  • Secure Software Lifecycle

  • User Access Control

  • Privileged User Management

  • WiFi Security

  • Legal and Regulatory Compliance

  • Media Deletion and Data Disposal

  • Security Awareness

  • Training and Live Hacking

Security Assessments

We can analyze and audit your software, hardware, network and IT processes and will identify vulnerabilities, exploit vectors and threats... before others do!
 

Aside from automated and manual source code reviews, we focus on:

 

  • Exploit Techniques

  • Compiler and Linker Options

  • Runtime Environments and Dynamic Protection

  • Build and Versioning Processes

  • Software Architecture

  • Data Classification

  • Interfaces and Protocols

  • Cryptographic Algorithms

  • Vulnerability Assessments

  • System Hardening

  • Secure Configuration

  • Patch Management

  • Network Segregation 

 

  

With your approval, we can also apply hacking techniques such as:

 

  • Exploiting

  • Cracking

  • Man-in-the-Middle Attacks

  • Reverse Engineering

  • Fuzzing

 

 

As a result of our audits, we write a detailed report containing a mitigation plan with appropriate remediation actions to handle the risk.

 

We like to create solutions for secure software, hardware, networks and processes.

Enterprise Information Security Architecture (EISA)

Our mission is to find creative solutions to secure your IT. Custom-fit. Up to date. And with the greatest transparency for your end users and for you as the service provider.

We create a security architecture for software, hardware, networking and processes, customized to your organization's individual operating environment, the technologies in use and local specifics.

Special focus lies on:

 

  • Authentication, Encryption, Integrity, Availability

  • Authorization

  • Firewalls and Network Segregation

  • Server Hardening

  • Interfacing Internal and External Partner Systems

  • Code Signing and Anti-Hijacking

Privacy Assessment

In accordance with your order, we assess your systems with particular focus on documentation, software and configuration:

 

Completeness:

 

System Description

Authorization Concept

Data Privacy Information

Statement of Compliance

Mitigation Plan

Categorization of Systems and Projects

Further Documents

Assessments for Accessibility and Software Ergonomics

 

Correctness:

 

Consistency between Documentation and Reality

Vulnerability Assessment

Compliance

Live Sessions

Use of Real Data in Non-Production Environments

Information Security

Gemarkenweg 1

51467 Bergisch Gladbach

GPG: 45E1715630AEA748