Notebook with lock

adesso Security Services

Our solutions for tomorrow’s IT

Good reasons for Security Services

With adesso Security Services, we support the core business processes of companies by introducing targeted risk management in the context of cyber and information security. Benefit from tried and tested methods, tools and our project experience.

Challenges as drivers:
  • Technological change and digitalisation: networking, mobilisation and digitalisation challenge your ability to innovate and adapt.
  • Laws and regulation: non-compliance can lead to drastic penalties.
  • The cloud and cybercrime: a successful cyber-attack can have consequences that threaten the very existence of companies.
  • Changes in requirements and competitive situation: steadily increasing requirements to maintain the competitive position.
  • Lack of skills and resources: information security means investing both in technology and in skills.
  • Changing values and image: poor data protection and information security damage the corporate image.

Our fields of action

The protection of mission-critical data and information is a key business objective. It requires a company to be aware of the criticality of its data and information and the risks involved. Only once this has been established can a company respond appropriately and initiate suitable proactive and reactive measures. This requires a comprehensive approach and the right balance between technology, organisation and people.

Our fields of activity

Along with natural disasters and pandemics, ransomware and DDoS attacks are the main threats to the availability of business-critical processes. Our specialists are experts in the areas of offensive, defensive and IT security, where we use a variety of standards to guarantee the highest level of security.

Offensive security
  • Maturity assessment
  • Threat and vulnerability assessment
  • Network security checks
  • Pentesting on layers 3, 4 and 7

Defensive security

 Incident response and business continuity

 Incident process consulting

 Emergency planning

 IT service and business continuity

 IT emergency management for cyber incidents

IT security

 Cyber security checks

 Technical security audits

 Implementation support

Standards

 ISO/IEC 27032 CYBER

 SIEM

 ISO/IEC 27037 FORENSIC

 ISO/IEC 27035 INCIDENT

 NIST

 CIS, IRC

 MITRE ATT@CK

To handle sensitive information in a responsible way, you need to set up an information security management system (ISMS). This helps to identify and adopt the necessary measures and check their effectiveness. Taking into account the relevant standards, we support you during the analysis, consultation and implementation phases.

Analysis

  • Define ISMS maturity levels
  • Conduct GAP analyses
  • Carry out protection requirements and business impact analyses
  • Cloud compliance

Consultation

  • Create security concepts
  • 1st, 2nd and 3rd party audits
  • CISO/ISB coaching and interim functions
  • Select and design ISMS/GRC tools

Implementation

  • Implement, operate and optimise ISMSs
  • Set up, migrate and implement multiscope ISMSs
  • Tool-based management systems
  • Training and awareness

Standards

  • BAIT, VAIT, KAIT, ZAIT
  • KRITIS/B3S
  • TISAX
  • Information security
  • ISO/IEC 27005 RISK
  • IT-Grundschutz (BSI (German Federal Office for Information Security) methodology)
  • WLA

adesso IT Management Consulting optimises your IT department at a strategic, technological and organisational level, helping you to complete the switch to a flexible, cloud-based IT service structure while ensuring compliance with regulatory requirements.

KRITIS (=critical infrastructure) sectors

  • Automotive
  • Energy
  • Health
  • Motorways
  • Finance
  • Waste management

Subject to BAFIN regulations

  • Banks
  • Insurance providers
  • Capital management firms
  • Payment service providers

Services

  • Conduct readiness checks
  • Resolve issues identified during audits
  • Establish compliance with regulatory requirements

Standards

  • BAIT, VAIT, KAIT, ZAIT
  • KRITIS/B3S
  • ISO 13485
  • TISAX
  • ESMA
  • EBA guidelines
  • EIOPA
  • HIPA
  • PCI DSS
  • NIS2

To ensure the success of your company, it is essential that business (critical) processes can continue to run without any disruption. This makes business continuity management (BCM) an important component of corporate risk management. Taking into account the relevant standards, we support you during the analysis, consultation and implementation phases.

Analysis

  • Define ISMS maturity levels
  • Conduct GAP analyses
  • Carry out business impact and risk impact analyses
  • Respond to incidents

Consultation

Implementation

  • Set up, migrate and implement integrated BCM systems
  • Emergency and crisis management team drills
  • Evaluate BCM tools

Standards

  • ISO 22301
  • ITIL
  • ISO/IEC 27031
  • BSI 200-4

In the context of cyber security and IT security, risk management entails the analysis of digital risks such as cyber attacks, data loss, data breaches and other threats that may pose a risk to the integrity, confidentiality and availability of information and systems. Our services include:

  • Implementation, operation and optimisation of integrated risk management processes
  • Workshops and courses
  • Operational risk management and risk treatment

Standards

  • ISO/IEC 27005
  • ISO 31000
  • BAIT, VAIT, KAIT, ZAIT
  • MARisk

In the context of cyber security, awareness measures refer to activities that aim to increase the awareness and knowledge of employees in the company regarding risks, best practices and how to deal with digital threats. These measures are particularly important in order to minimise human error and ensure the security of information, systems and networks. Our services include:

  • Security awareness campaigns (online, in-person, e-learning)
  • Phishing campaigns
  • Live hacking
  • Training and further education for management system officers, ISMS/BCMS implementers as well as internal and external auditors
  • Advanced training in cyber and IT security

In order to be able to implement the requirements of data protection or the EU GDPR in a compliant manner, it is essential to operate a (data protection) management system that takes into account all relevant technical and organisational aspects. Taking into account the relevant standards, we support you during the analysis, consultation and implementation phases.

Analysis

  • Define ISMS maturity levels
  • Conduct GAP analyses
  • Carry out protection requirements and business impact analyses
  • Cloud compliance

Consultation

  • Design and implement data protection management and associated processes in accordance with EU GDPR
  • Develop technical organisational measures (TOMs)

Implementation

  • Establish a privacy information management system according to ISO 27701
  • Provision of an external data protection officer
  • Hold training sessions and run awareness campaigns

Standards

  • ISO 27018
  • ISO/IEC 27701 PIMS

More and more processes and use cases are anchored in digital systems. At the same time, the rapid pace of technological change in organisations opens up new opportunities for cyber criminals.

Our experts support you in these challenges. With our expertise, we offer you a comprehensive portfolio across the entire software development cycle.

Learn more about Application Security at adesso

Identity and access management (IAM) is a concept and set of technologies, procedures and policies for managing the digital identity of users, devices and applications, and for controlling access to resources in a corporate network or IT environment. The main goal of IAM is to ensure that the right people or entities can access the right resources at the right time while ensuring security and compliance. Taking into account the relevant standards, we support you during the analysis, consultation and implementation phases.

Analysis

  • Define ISMS maturity levels
  • IAM governance
  • Cloud compliance

Consultation

  • Support in the creation of IAM concepts
  • Development of role-based access concepts for different technologies and platforms
  • Authorisation modelling

Implementation

  • Implement IAM in the areas of identity lifecycle management, access management and identity governance
  • Connect applications to the IAM system
  • Usage tracking

Standards

  • IAM
  • PAM

The requirements for the use and secure handling of the IDV applications in operation must be reviewed, adapted accordingly if necessary and operationalised. This ensures that BAFIN-specific requirements are met.

With our comprehensive industry knowledge and specialised experts, we support you in the implementation and operationalisation of BAFIN requirements. We support you in the following phases:

  • Creation of an IDV guideline
  • Documentation of the IDV applications
  • Definition or customisation of the IDV inventory
  • Carrying out a protection requirements analysis
  • IDV development process

Learn more

The advantages are plain to see

1. Our Experience: adesso has many years of cross-industry expertise in building custom-fit solutions for small and large companies.

2. Vendor-Independent Approach: adesso is not committed to any specific vendor and has developed its own templates and frameworks to accelerate projects.

3. Certified Professionals: adesso offers an experienced team with certified experts in the relevant fields.

4. Pracmatic Operationalisation: adesso is not only about planning and performing analyses, but we also excel when it comes to devising highly pragmatic operational schemes.

Successful cooperation for your added value

Our partnerships

adesso relies on various partners and memberships in the security environment. It takes a tightly knit network to design successful cyber security measures to protect your valuable know-how.

Do you have any questions?

Let’s brainstorm together on how we can identify and minimise existing risks in the context of cyber and information security in your company.

Our services of the adesso Security Services portfolio are at your disposal.

Save this page. Remove this page.