CONSULTING
"Knowledge is legal.
Application of knowledge makes you accountable."
Manu Carus
In most cases, a single weakness in a piece of software, a network configuration or a process is enough, and data, knowledge or the availability of services is at risk!
I work together with a network of security experts. No one can know everything. But you have to know whom to rely on.
We support you with technically qualified solutions, concepts, analysis, assessments and reports in order to secure your infrastructure.
Our expertise is concentrated in these areas:
Information Security Management
Complex changes require a security program with formative planning, comprehensive management and stringent controlling.
Our CISO consultants are happy to support you in setting up and managing your security programs in accordance with ISO/IEC 27001, 27002, 27005, PCI DSS and the IT-Sicherheitsgesetz:
- Logical and Physical Access Controls
- Secure Software Development
- Business Continuity Planning and Disaster Recovery Planning
- Cryptography
- Information Security Governance and Risk Management
- Legal and Regulatory Compliance
- Operational Security
- Security Architectures and Design
- Network Security
We have special expertise in:
- Information Security Policies
- Vulnerability Assessments
- Patch Management
- System Hardening
- Data Classification
- IPS, SIEM, Network Segregation
- Anti-Malware
- Application Security
- Secure Software Development Lifecycle
- Access Controls
- Privileged Account Management (PAM)
- Kerberos and Federated Identity Management (FIM)
- Security Awareness
- Threat Hunting
- Training and Live Hacking
Security Assessments
As part of a security audit, we analyze your software, hardware, network infrastructure and IT processes with the aim of identifying vulnerabilities, attack surfaces and potential threats... before others succeed in doing so!
Aside from automated and manual source code reviews, we focus on:
- Vulnerability to Exploit Techniques
- Compiler and Linker Options
- Runtime Environments and Runtime Protection
- Build and Versioning Processes
- Software Architecture
- Data Categories
- Interfaces and Protocols
- Cryptographic Algorithms
With your approval, we can also apply hacking techniques such as:
- Exploiting
- Cracking
- Man-in-the-Middle Attacks
- Reverse Engineering
- Fuzzing
As a result of our audits we will write a detailed report which contains a mitigation plan with appropriate remediation actions to handle the risk.
We enjoy creating solutions for secure software, hardware, networks and processes.
Security Architectures
Our concern is to offer constructive solutions to secure your IT. Precisely fitting. Up-to-date. And with the greatest possible transparency for your users and for you as the operator.
We develop a security architecture for software, hardware, network and IT processes, tailored to the individual IT environment of your company and the technologies and special features used there.
We place special focus on:
- Confidentiality, Integrity, Availability, Non-Repudiation, Authenticity
- Identification, Authentication, Authorization, Accountability
- Single Sign-On and Multi-Factor Authentication
- Firewalls and Network Segregation
- Server Hardening
- Interfaces to Internal and External Partner Systems
- Code Signing and Anti-Hijacking
- Log Monitoring and SIEM
- Threat Intelligence and Threat Hunting
Privacy Assessment
We would be happy to have your IT systems assessed by a Certified Data Privacy consultant with special attention to data, applications, processes and organization:
Completeness:
- System Description
- Authorization Concept
- Data Privacy Information
- Statement of Compliance
- Mitigation Plan
- Categorization of Systems and Projects
- Further Documents
- Assessments for Accessibility and Software Ergonomics
Correctness:
- Consistency between Documentation and Reality
- Vulnerability Assessment
- Compliance
- Live Sessions
- Use of Real Data in Non-Production Environments