Security
Consulting

Do you want to be sure that your cyber security is built on a solid and reliable long-term foundation and can also be quickly and easily adapted to future requirements? Our experts support you in formulating a long-term security strategy or in setting up a flexible framework for the structured management and targeted minimisation of all ICT risks. A cyber security framework (Information Security Management System) not only helps you to better manage your internal risks, the structured framework also greatly simplifies the implementation of compliance and risk management requirements.

Our ISMS/DSMS services include:

• Establishment and further development of an information security management system (ISMS) in accordance with ISO 27001
• CISO-as-a-Service / Security Officer Services
• DPC-as-a-Service / Data Protection Coordinator
• Development of a sustainable security strategy
• Support with (re-)certification in accordance with ISO 27001
• Auditing your organization os your ISMS in accordance with ISO 27001
• Development of security policy, guidelines / policy, guidelines / procedures & guidelines
• Definition of the security organization, functions and their task descriptions
• ISMS and ICT-Security-Management-Tool

Do you want to be sure that your cyber security is built on a solid and reliable long-term foundation and can also be quickly and easily adapted to future requirements? Our experts support you in formulating a long-term security strategy or in setting up a flexible framework for the structured management and targeted minimisation of all ICT risks. An NIST-based cyber security framework not only helps you to better manage your internal risks, the structured framework the implementation of compliance and risk management requirements.

We advise and support you on the following topics:

• CISO as a Service / Security Officer Service
• Development of a sustainable security strategy
• Risk analyses pursuant to ISO 27005
• NIST CSF Gap-Analysis
• Development of security policy, guidelines / policy, guidelines / procedures & guidelines
• Definition of the security organization, functions and their task descriptions

With our Table-Top Exercises (TTX), we review the existing cyber security & recovery processes together with you and your team on the basis of formulated scenarios. These scenarios deal with the strategic crisis organisation and/or the IT operational level. The focus is on building organisational and operational skills (crisis organisation, communication, reporting obligations in the event of cyber and data protection incidents, recovery, etc.) through the scenario-based simulation of crisis situations.

• Table-top exercises / simulation for the crisis management team
• Table-top exercises / simulation for the technical IT emergency organization
• Management workshop to process the security incident and recover the ability to act

With our many years of experience in the field of cyber security, we have the expertise to support you in setting up or optimising your Cyber Supply Chain Risk Management (C-SCRM). Systematic C-SCRM improves your security level in your supply chain, reduces your own cyber risks and ensures compliance requirements are met.

We advise and support you on the following topics:

• Carrying out a risk analysis of your supply chain
• Digital footprint risk monitoring service
• Implementation of suitable safety measures
• Definition of systematic cyber supply chain risk management
• Supporting the organisation with a C-SCRM tool
• Establishing appropriate incident response management

At first glance, digitalisation and data protection are difficult to reconcile. However, successful digitalisation requires the inclusion of data protection and is therefore a strategically important issue – for every company. The data protection experts at InfoGuard support you across the board when it comes to these issues: from questions relating to data protection requirements, analysis, strategy definition and conception to sensitisation and implementation.

Our data protection services include:

• Gap analysis of the Swiss Data Protection Act (CH revDSG) and the European General Data Protection Regulation (GDPR)
• GDPR web application audit on the Internet and webshops (disclaimer, cookies, data processing etc.)
• Sensitisation of employees to data protection
• Data protection strategy development pursuant to national data protection legislation (DSG) and GDPR
• Data protection impact assessment (DPIA)
• Certification support
• DPC-as-a-Service to support the DPO
• Data protection management system (tool)
• Auditing of external data processors

Compliance requirements such as ICS, CH revDSG, EU GDPR, NIS2, CRA, DORA, FINMA, SWIFT, PCI DSS or SIC are constantly changing and becoming ever more extensive. InfoGuard helps you to optimally implement and efficiently operate the various compliance requirements. We advise you on the applicable requirements. We also support you in analysing and implementing security measures in accordance with the relevant specifications. This ensures that the legal requirements are consistently complied with and correctly implemented on an ongoing basis.

We advise and support you on the following topics:

• CISO as a Service / Security Officer Service
• DPC as a Service / Data Protection Coordinator
• Carrying out a gap analysis with regard to the applicable requirements
• Implementation of systematic compliance management
• Support through an appropriate information security management tool (ISMS)

Do you want to improve your cyber security by setting up an information security management system (ISMS) in accordance with ISO 27001 or optimise your existing ISMS? Our experienced and certified auditors will accompany you on the way to ISO 27001, ISO 27701, TISAX, IEC 62443, CMMC certification.

We advise and support you on the following topics:

• Development and introduction of an Management System in accordance with ISO 27001, ISO 27701, TISAX, IEC 62443
• (Re-)certification pursuant to ISO 27001, ISO 27701, TISAX, IEC 62443, CMMC
• Further development of your ISMS in accordance with ISO 27001
• Auditing your ISMS in accordance with ISO 27001

We help you to set up an appropriate network and security architecture. Based on the ISO 27001 standard, we identify the missing elements in a gap analysis and highlight the associated risks. An action plan is then drawn up as a basis for operational implementation and prioritised according to risk. This ensures that you’ll be able to react quickly to new requirements in the future and put optimal IT security measures in place.

We advise and support you on the following topics:

• Definition of an IT security architecture in accordance with international standards (ISO, NIST and BSI)
• Determination of protection requirements through systematic risk analysis
• Support in maintaining all business processes
• Integration of IT security as an integral part of the IT architecture

The demands on cloud security governance are growing ever faster. In an age of Azure, AWS, GCP and many other cloud services, managing information and data correctly is essential, but also complex. There is often a lack of a holistic approach to guaranteeing the availability, confidentiality, integrity and traceability of information and data. Our cloud governance service ensures that the provision of resources, system integration, data security and other aspects of cloud computing is properly planned, considered and managed. InfoGuard helps you to optimally implement and efficiently operate the various requirements.

• Cloud risk assessment
• Defining and ensuring systematic cyber supply chain risk management
• Data protection impact assessment (DPIA)

Modern information and communication technologies are networking the industrial world. Operational technology (OT) is of great interest to cyber criminals because the increasing automation of industrial processes requires OT and IT technologies to be networked, which is changing the threat and risk landscape. Your OT infrastructures are also business-critical. Our services enable you to identify potential vulnerabilities in your IoT, OT, Industry 4.0 or smart infrastructure at an early stage and initiate appropriate protective measures.
Our experienced OT specialists help you to verify the key components, set up the architecture in line with the defence-in-depth approach, implement security in accordance with IEC 62443, establish suitable supplier risk management and thus contribute significantly to reducing security risks.

Our OT security services at a glance:

• Asset recognition – visibility of operating technology
• Evaluation of the threat landscape
• Evaluation of the protection concept
• Holistic assessment of “defence-in-depth” system security

The SAP security service provides you with a comprehensive overview of the security of your SAP systems. Our experienced SAP security experts support you from the conceptualisation and definition of processes through to the implementation of measures and the review of your SAP systems.

We advise and support you on the following topics:

• SAP security assessments
• SAP security concepts
• Elimination of inspection defects
• Analysis of SAP system access
• Support for SAP authorisation projects

By using cloud services and personal devices (BYOD), users can access data from anywhere. As a result, access management (privileged access management PAM and identity & access management IAM) has shifted from a perimeter-based to an identity-centred approach. As such, identity governance & administration becomes a key function and a prerequisite for strategic security objectives such as:

• Privileged Access Management
• Identity & Access Management
• Zero Trust security model
• Need-to-Know principle
• (Data Protection &) Security by Design
• (Data Protection &) Security by Default

With our 360° view and our business-to-identity services, we support your endeavours from planning and operation through to compliance. Our process model enables effective and sustainable implementation of identity governance & administration. Success factors are a high level of automation and integration. We accompany you on the way to viable PAM & IAM solutions that are impressive in legal, technical and organisational terms.