adesso Security Services

Along with natural disasters and pandemics, ransomware and DDoS attacks are the main threats to the availability of business-critical processes. Our specialists are experts in the areas of offensive, defensive and IT security, where we use a variety of standards to guarantee the highest level of security.

Offensive security

• Maturity assessment
• Threat and vulnerability assessment
• Network security checks
• Pentesting on layers 3, 4 and 7

Defensive security

• Incident response and business continuity
• Incident process consulting
• Emergency planning
• IT service and business continuity
• IT emergency management for cyber incidents

IT security

• Cyber security checks
• Technical security audits
• Implementation support

Standards

• ISO/IEC 27032 CYBER
• SIEM
• ISO/IEC 27037 FORENSIC
• ISO/IEC 27035 INCIDENT
• NIST
• CIS, IRC
• MITRE ATT@CK

To handle sensitive information in a responsible way, you need to set up an information security management system (ISMS). This helps to identify and adopt the necessary measures and check their effectiveness. Taking into account the relevant standards, we support you during the analysis, consultation and implementation phases.

Analysis

• Define ISMS maturity levels
• Conduct GAP analyses
• Carry out protection requirements and business impact analyses
• Cloud compliance

Consultation

• Create security concepts
• 1st, 2nd and 3rd party audits
• CISO/ISB coaching and interim functions
• Select and design ISMS/GRC tools

Implementation

• Implement, operate and optimise ISMSs
• Set up, migrate and implement multiscope ISMSs
• Tool-based management systems
• Training and awareness

Standards

• BAIT, VAIT, KAIT, ZAIT
• KRITIS/B3S
• TISAX
• Information security
• ISO/IEC 27005 RISK
• IT-Grundschutz (BSI (German Federal Office for Information Security) methodology)
• WLA

adesso IT Management Consulting optimises your IT department at a strategic, technological and organisational level, helping you to complete the switch to a flexible, cloud-based IT service structure while ensuring compliance with regulatory requirements.

KRITIS (=critical infrastructure) sectors

• Automotive
• Energy
• Health
• Motorways
• Finance
• Waste management

Subject to BAFIN regulations

• Banks
• Insurance providers
• Capital management firms
• Payment service providers

Services

• Conduct readiness checks
• Resolve issues identified during audits
• Establish compliance with regulatory requirements

Standards

• BAIT, VAIT, KAIT, ZAIT
• KRITIS/B3S
• ISO 13485
• TISAX
• ESMA
• EBA guidelines
• EIOPA
• HIPA
• DORA
• PCI DSS
• NIS2

To ensure the success of your company, it is essential that business (critical) processes can continue to run without any disruption. This makes business continuity management (BCM) an important component of corporate risk management. Taking into account the relevant standards, we support you during the analysis, consultation and implementation phases.

Analysis

• Define ISMS maturity levels
• Conduct GAP analyses
• Carry out business impact and risk impact analyses
• Respond to incidents

Consultation

• Business continuity management (BCM) and IT service continuity management (ITSCM)
• Create emergency and restart concepts
• 1st, 2nd and 3rd party audits

Implementation

• Set up, migrate and implement integrated BCM systems
• Emergency and crisis management team drills
• Evaluate BCM tools

Standards

• ISO 22301
• ITIL
• ISO/IEC 27031
• BSI 200-4

In the context of cyber security and IT security, risk management entails the analysis of digital risks such as cyber attacks, data loss, data breaches and other threats that may pose a risk to the integrity, confidentiality and availability of information and systems. Our services include:

• Implementation, operation and optimisation of integrated risk management processes
• Workshops and courses
• Operational risk management and risk treatment

Standards

• ISO/IEC 27005
• ISO 31000
• BAIT, VAIT, KAIT, ZAIT
• MARisk

In the context of cyber security, awareness measures refer to activities that aim to increase the awareness and knowledge of employees in the company regarding risks, best practices and how to deal with digital threats. These measures are particularly important in order to minimise human error and ensure the security of information, systems and networks. Our services include:

• Security awareness campaigns (online, in-person, e-learning)
• Phishing campaigns
• Live hacking
• Training and further education for management system officers, ISMS/BCMS implementers as well as internal and external auditors
• Advanced training in cyber and IT security

In order to be able to implement the requirements of data protection or the EU GDPR in a compliant manner, it is essential to operate a (data protection) management system that takes into account all relevant technical and organisational aspects. Taking into account the relevant standards, we support you during the analysis, consultation and implementation phases.

Analysis

• Define ISMS maturity levels
• Conduct GAP analyses
• Carry out protection requirements and business impact analyses
• Cloud compliance

Consultation

• Design and implement data protection management and associated processes in accordance with EU GDPR
• Develop technical organisational measures (TOMs)

Implementation

• Establish a privacy information management system according to ISO 27701
• Provision of an external data protection officer
• Hold training sessions and run awareness campaigns

Standards

• ISO 27018
• ISO/IEC 27701 PIMS

More and more processes and use cases are anchored in digital systems. At the same time, the rapid pace of technological change in organisations opens up new opportunities for cyber criminals.

Our experts support you in these challenges. With our expertise, we offer you a comprehensive portfolio across the entire software development cycle.

Identity and access management (IAM) is a concept and set of technologies, procedures and policies for managing the digital identity of users, devices and applications, and for controlling access to resources in a corporate network or IT environment. The main goal of IAM is to ensure that the right people or entities can access the right resources at the right time while ensuring security and compliance. Taking into account the relevant standards, we support you during the analysis, consultation and implementation phases.

Analysis

• Define ISMS maturity levels
• IAM governance
• Cloud compliance

Consultation

• Support in the creation of IAM concepts
• Development of role-based access concepts for different technologies and platforms
• Authorisation modelling

Implementation

• Implement IAM in the areas of identity lifecycle management, access management and identity governance
• Connect applications to the IAM system
• Usage tracking

Standards

• IAM
• PAM

The requirements for the use and secure handling of the IDV applications in operation must be reviewed, adapted accordingly if necessary and operationalised. This ensures that BAFIN-specific requirements are met.

With our comprehensive industry knowledge and specialised experts, we support you in the implementation and operationalisation of BAFIN requirements. We support you in the following phases:

• Creation of an IDV guideline
• Documentation of the IDV applications
• Definition or customisation of the IDV inventory
• Carrying out a protection requirements analysis
• IDV development process