top of page
INFORMATIN SECURITY BERATUNG

CONSULTING

"Knowledge is legal.
Application of knowledge makes you accountable."

Manu Carus

In most cases, it just needs one weakness in a software, in a network configuration or in a process, and data, knowledge or availability of services is at danger!
 

I am working together with a network of security experts. Not one can know all. But you have to know who to rely on.

We support you with technically qualified solutions, concepts, analysis, assessments and reports in order to secure your infrastructure.

 

Our skills are especially set at these areas:

Information Security Management

Complex changes require a security program with formative planning, comprehensive management and stringent controlling.

 

Our CISO consultants are happy to support you in setting up and managing your security programs in accordance with ISO/IEC 27001, 27002, 27005, PCI/DSS and the IT-Sicherheitsgesetz:

 

  • Logical and Physical Access Controls

  • Secure Software Development

  • Business Continuity Planning and Disaster Recovery Planning

  • Cryptography

  • Information Security Governance and Risk Management

  • Legal and regulatory compliance

  • Operational Security

  • Security Architectures and Design

  • Network Security

 

We have special expertise on:

 

  • Information Security Policies

  • Vulnerability Assessments

  • Patch Management

  • System Hardening

  • Data Classification

  • IPS, SIEM, Network Segregation

  • Anti Malware

  • Application Security

  • Secure Software Development Lifecycle

  • Access Controls

  • Privileged Account Management (PAM)

  • Kerberos and Federated Identity Management (FIM)

  • Security Awareness

  • Threat Hunting

  • Training and Live Hacking

​​

Security Assessments

​​

As part of a security audit, we analyze your software, hardware, network infrastructure and IT processes with the aim of identifying vulnerabilities, attack surfaces and potential threats... before others succeed in doing so!
 

Aside of automated and manual source code reviews we set focus on:

 

  • Vulnerabilities against Exploit Techniques

  • Compiler and Linker Options

  • Runtime Environments and Runtime Protection

  • Build and Versioning Processes

  • Software Architecture

  • Data Categories

  • Interfaces and Protocols

  • Cryptographic Algorithms

 

  

With your approval we can also apply hacking techniques, like

 

  • Exploiting

  • Cracking

  • Man-in-the-Middle Attacks

  • Reverse Engineering

  • Fuzzing

 

 

As a result of our audits we will write a detailed report which contains a mitigation plan with appropriate remediation actions to handle the risk. 

 

We like to create solutions for secure software, hardware, networks and processes.

 

 

​​​

Security Architectures

Our concern is to offer constructive solutions to secure your IT. Precisely fitting. Up-to-date. And with the greatest possible transparency for your users and for you as the operator.

 

We develop a security architecture for software, hardware, network and IT processes, tailored to the individual IT environment of your company and the technologies and special features used there.

Special focus lies on:

 

  • Confidentiality, Integrity, Availability, Non-Repudiation, Authenticity

  • Identification, Authentication, Authorization, Accountability

  • Single Sign-On and Multi-Factor Authentication

  • Firewalls and Network Segregation

  • Server Hardening

  • Interfaces to internal and external partner systems

  • Code Signing and Anti-Hijacking

  • Log Monitoring and SIEM

  • Threat Intelligence and Threat Hunting

​​

Privacy Assessment

We would be happy to have your IT systems assessed by a Certified Data Privacy consultant with special attention to data, applications, processes and organization:

 

Completeness:

 

System Description

Authorization Concept

Data Privacy Information

Statement of Compliance

Mitigation Plan

Categorization of Systems and Projects

Further Documents

Assessments for Accessibility and Software Ergonomics

 

Correctness:

 

Consistency between Documentation and Reality

Vulnerability Assessment

Compliance

Live Sessions

Use of Real Data on Non-Productional Environments

bottom of page