SECURITY CONSULTING SERVICES

Does your company lack the internal resources to competently fill the position of a security officer and/or data protection officer? We can take on this task within the framework of an outsourcing relationship. You benefit from the experience and comprehensive know-how of our experts in the areas of technology, organisation, compliance and audit. We define the specific area of responsibility together with you and provide you with the relevant specialists.

We advise and support you on the following topics:

• Assuming the role of Security Officers, or Data Protection Officer

• InfoGuard CISO-as-a-Service

• InfoGuard DPO-as-a-Service

• Temporary relief in the event of staff shortages

• Immediately available deputy solutions

• Targeted coaching of your officers

Do you want to be sure that your security is built on a firm and reliable long-term foundation and can also be adapted quickly and easily to future requirements? Our experts support you in formulating a long-term security strategy or in setting up a flexible framework for the structured management and targeted minimisation of all ICT risks. A cyber security framework not only helps you to better manage your internal risks. The implementation of compliance and risk management requirements is also massively simplified by the structured framework.

Our ISMS/DSMS services include:

• Establishment and further development of an Information Security Management System (ISMS) in accordance with ISO 27001
• ISMS and ICT security management tool
• Security Officer Services
  

• Development of a sustainable security strategy (re-)certification according to ISO 27001

• Auditing of your ISMS according to ISO 27001

• Risk analyses according to ISO 27005

• Development of a cyber security framework according to the NIST CSF

• Development of a security policy as well as user guidelines and directives

• Definition of the security organisation with functional descriptions

Our independent security audit examines your information security and informs you about the organisational, personnel, physical and technical weaknesses in your company. Our detailed action plan provides you with the basis for a sustainable increase in your information security. It also includes recommendations for technical and organisational measures as well as awareness-raising and training suggestions for your employees.

Our Security Audit & Review covers the following areas:

• Security audit according to ISO 27001/27002
• GAP analysis with regard to ISO 27001 certification
• Security audit according to the NIST Cybersecurity Framework
• Security audit, penetration test and vulnerability scan according to PCI DSS
• GAP analysis with regard to PCI DSS certification
• System and architecture review
• Penetration test according to OSSTMM
• Vulnerability scans
• Social Engineering Audit

A gap analysis against the internationally recognised NIST Cyber Security Framework (CSF) provides the necessary transparency of your cyber security. Our security experts uncover deviations to all topic areas of the NIST CSF, assess them and provide prioritised recommendations for action.

This is how you benefit from our NIST CSF gap analysis:

• Overview of your current cyber security situation - identifying, protecting against risks, detecting and responding to events and restoring operations after an incident.
• Key risks are known and assessed by independent experts.
• You know your strengths / weaknesses profile against the NIST CSF.
• Concrete recommendations for measures prioritised according to risk assessment
• All findings from the NIST CSF gap analysis are recorded in a detailed report

You can find more about the NIST CSF gap analysis here ›

A data protection gap analysis is the optimal solution if you only want to have one specific aspect examined more intensively. For example, all the services you have commissioned, in the context of which personal data is processed on behalf of the service provider or potential access possibilities exist to such data by the service provider. Or do you just want to have the data protection declaration of your website thoroughly checked in order to prevent possible warnings? Here, too, the gap analysis is the right tool. 

Find out more about our data protection services here ›

With our many years of experience in cyber security, we have the expertise to support you in setting up or optimising your cyber supply chain risk management (C-SCRM). A systematic C-SCRM improves your security level in your supply chain, reduces own cyber risks and ensures compliance requirements.

We advise and support you on the following topics:

• Carrying out a risk analysis of your supply chain
• Digital Footprint Risk Monitoring Service
• Implementation of appropriate security measures
  Definition of systematic cyber supply chain risk management
• Definition of systematic cyber supply chain risk management
• Establishment of an appropriate incident response management

More about Supply Chain Risk Management Services

People are a decisive key factor for your information security, which is why security awareness is an important element of any cyber security strategy. Our specialists have many years of practical experience in the targeted sensitisation of employees for a risk- and security-conscious handling of information in everyday business. Based on existing guidelines and your specific needs, we develop a detailed security awareness concept. This includes the most important core messages, an appropriate catalogue of measures and a target-oriented communication plan.

Our security awareness services include:

• Security awareness concept development and campaign planning

• Security awareness branding

• Awareness communication (workshops, posters, brochures, intranet portals, etc.)

• Topic-specific workshops and training courses

• E-Learning trainings

• Live hacking demonstrations

Learn more about our Security Awareness Services › 

This year, SWIFT has once again tightened its regulations for financial service providers. Not only have new SWIFT controls been added, but several have been upgraded from advisory to mandatory. And a problem for many companies: the one-year period in which the adjustments have to be made. How do things look for you?

InfoGuard is a SWIFT assessor and confirmed cyber security provider. With our SWIFT Assessment, you receive a comprehensive overview of your current status as well as recommended measures to meet Compliance v2020.

We help you to build an appropriate network and security architecture. Based on the ISO 27001 standard and the NIST CSF, we identify the missing elements in a GAP analysis and show the associated risks. As a basis for operational implementation, an action plan is then drawn up and prioritised according to risk. In this way, we ensure that you can continue to react quickly to new needs and derive optimal IT security measures. With the know-how of our specialists, you can expand the competencies of your organisation and increase the performance of your information and ICT security in a targeted manner.

Our Security Architecture Services include:

• Network & Security Architecure
• Enterprise IT Security Architecture
• Evaluation and assessment of IT security architecture
• Creation and integration of an IT security architecture

Find out more about our Security Architecture Services ›

With digitalisation advancing ever faster, the number of security technologies needed to protect applications and users is also increasing. Our experts are always up to date with the latest knowledge. Depending on your specific needs, we support you and your specialist departments both selectively in individual processes or technology disciplines as well as comprehensively in entire application areas.

Our SAP / OT / DLT Security Services include:

• SAP Security Services
  • SAP Security Assessments
  • SAP Security Concepts
  • Elimination of audit deficiencies
  • Analysis of SAP system access
  • Support for SAP authorisation projects
• OT Security Services
  • Asset detection
    Evaluation of the threat landscape
    Evaluation of the protection concept
    Holistic assessment of asset security "Defence-In-Depth"
• DLT / Blockchain Security Services
  • DLT Strategy
  • DLT Security Architecture
  • DLT Security Testing
  • DLT Security Operations
  • DLT Security Academy

With our Vulnerability Management, you have an efficient way to identify, analyse and assess IT vulnerabilities. The vulnerability scan provides fundamental findings for assessing the current risk situation and the effectiveness of the implemented measures. Proactive monitoring of your IT infrastructure uncovers changes in systems and thus not only finds vulnerabilities of manufacturers, but also misconfigured systems, which in turn can lead to a security risk. 

Learn more about our Vulnerability Management & Scan Service ›