adesso Security Services

Our solutions for tomorrow’s IT

Good reasons for Security Services

With adesso Security Services, we support the core business processes of companies by introducing targeted risk management in the context of cyber and information security. Benefit from tried and tested methods, tools and our project experience.

Challenges as drivers:
  • Technological change and digitalisation: networking, mobilisation and digitalisation challenge your ability to innovate and adapt
  • Laws and regulation: non-compliance can lead to drastic penalties
  • The cloud and cybercrime: a successful cyber-attack can have consequences that threaten the very existence of companies
  • Changes in requirements and competitive situation: steadily increasing requirements to maintain the competitive position
  • Lack of skills and resources: information security means investing both in technology and in skills
  • Changing values and image: poor data protection and information security damage the corporate image

Our fields of action

The protection of mission-critical data and information is a key business objective. It requires a company to be aware of the criticality of its data and information and the risks involved. Only once this has been established can a company respond appropriately and initiate suitable proactive and reactive measures. This requires a comprehensive approach and the right balance between technology, organisation and people.

Fields of action adesso Security Services

One of the core features of adesso Security Services is that we support our customers in defining strategic framework parameters that enable targeted risk management, in particular in the context of regulatory requirements.

Provide an overview

  • Carry out GAP analyses, audits & maturity assessments based on the ‘xAIT Readiness Check’.
  • Evaluate audit findings

Build structures

  • Establish governance, risk and compliance structures as well as control elements
  • Evaluate supporting tools

Close gaps

  • Resolve identified issues
  • Audit preparation and support

Standards

  • BAIT, VAIT, KAIT, ZAIT (BaFin)
  • IT Security Act
  • Kritis
  • NIST

In order to be able to manage relevant information in a meaningful way, it is necessary to establish an information security management system (ISMS). Such a system helps to identify and implement necessary measures and to evaluate their effectiveness.

Open as regards standards

  • Define ISMS maturity levels
  • Create a roadmap for the development and optimisation of an ISMS
  • Model the information network
  • Carry out structural, protection requirements and risk analyses
  • Create security concepts
  • Define guidelines
  • Implement awareness and training measures

Vendor-independent approach

  • Implement risk minimising measures
  • Design ISMS tool support
  • Support on the path to certification

Standards

  • ISO/IEC 2700x
  • BSI 100, BSI 200
  • KritisV acc. to Section 8a 1-3 BSI-G
  • Industry-specific standards such as B3S, TISAX, WLA, etc.

In order to be able to guarantee the company’s success, it is indispensable that the (critical) business processes can be operated continuously. Business continuity management (BCM) is therefore an important component of the company’s risk management.

Consulting

  • Establish a business continuity management system (BCMS)
  • Establish an IT service continuity management (ITSCM)
  • Define guidelines and processes
  • Carry out business impact analyses (BIA)
  • Draft business continuity plans and (IT) contingency plans
  • Conduct training sessions

Audits

  • Perform risk analyses
  • Review emergency preparedness
  • Perform emergency tests

Standards

  • ISO 22301, ISO 27031
  • BSI 100-4, 200-4
  • ITIL
  • KritisV

In our globalised and digitalised world, companies must increasingly account for hacker attacks and other types of cybercrime. To keep threats away from the company, IT systems must be regularly checked and secured.

Strategic and tactical

  • Analyse existing risks with regard to cyber security by means of a cyber risk analysis
  • Validate compliance and security and risk requirements
  • Introduce a risk and security management framework
  • Establish outsourcing management
  • Identity and access management (IAM) conception
  • Network architecture for audits

Operations

  • Select and develop the security infrastructure (SIEM, SOC, SOAR, vulnerability management)
  • Carry out cloud security audits and configuration checks
  • Create security checklists for IT operations
  • Train the IT operations team with regard to cloud security
  • Monitoring
  • Conception and implementation of phishing campaigns

Vulnerabilities in apps, applications and APIs are a popular backdoor for hackers to bypass all other infrastructure security measures. A secure development lifecycle is therefore essential in order to be able to develop secure software.

Application-oriented

  • Security in the software development lifecycle (SDLC)
  • Threat modelling
  • Developer training
  • Security concepts
  • Secure coding
  • Security by design
  • SecDevOps
  • Code reviews
  • Active Directory audit

Pentests and assessments

  • Network
  • Web application and web API
  • Workstation
  • Mobile app and OS (iOS, Android)
  • Segmentation test (according to PCI DSS)
  • W-LAN assessments
  • Static and dynamic code analyses
  • Network architecture audits
  • Firewall audits

SAP systems often contain the most important company data. That’s why we help you protect them. We support you in clearly identifying your risks, designing authorisations efficiently and securely and automating controls.

SAP Security Services

  • Complete audit of the SAP systems using WerthAUDITOR
  • Comprehensive results and recommendations for action to increase your level of safety

SAP GRC

  • Implement SAP GRC to ensure effective access management
  • Automatic controls for the internal control system (ICS)
  • Professional risk expertise

SAP authorisations

  • Redesign authorisations in an S/4HANA implementation (including Fiori and HANA)
  • Authorisation concepts for any SAP system
  • Clean up authorisation risks before an audit
  • Training for SAP users and experts on the subject of SAP authorisations
  • Support for operational role administration

We support you across all operations, both in terms of personnel and technology. We keep your software secure as adesso continually monitors and reviews the entire operation. In addition, we also help you achieve secure operation in the cloud or in your data centre.

Operate and detect

  • Continuous monitoring using a security information and event management system (SIEM)
  • Establish a SOC that proactively develops cloud security and responds to attacks
  • Regular automated scans of the infrastructure and applications
  • Pentesting
  • Configure and secure platforms such as cloud environments, web servers or IoT infrastructures

Support and consult

  • Authentication methods – such as eID, RFIDs, smartcards or certificates
  • Identity and access management
  • Security news and information
  • Active participation in OWASP Germany

Training and standards

  • Create security checklists for IT operations
  • Train the IT operations team with regard to (cloud) security
  • Security champions programme
  • CSVS, ASVS, OpenSAMM

In order to be able to implement the requirements of data protection or the EU-GDPR in a compliant manner, it is essential to operate a (data protection) management system that takes into account all relevant technical and organisational aspects.

Establishment of management systems

  • Establish a privacy information management system (PIMS) according to ISO 27701
  • Design and implement data protection management and associated processes in accordance with EU-GDPR (processing directory, commissioned data processing, etc.)
  • Develop technical organisational measures (TOMs)

Operationalisation

  • Provision of an external data protection officer
  • Data protection consulting
  • Coaching
  • Evaluate supporting tools
  • Conduct training and awareness campaigns
  • Support in data protection emergencies

The advantages are plain to see

1. Our Experience

adesso has many years of cross-industry expertise in building custom-fit solutions for small and large companies.

2. Vendor-Independent Approach

adesso is not committed to any specific vendor and has developed its own templates and frameworks to accelerate projects.

3. Certified Professionals

adesso offers an experienced team with certified experts in the relevant fields.

4. Pragmatic Operationalisation

adesso does more than plan and perform analyses: we also excel at devising highly pragmatic operational schemes.

Do you have any questions?

Your point of contact
Etienne Dziomber - Head of adesso Security Services

Etienne.Dziomber@adesso.de

+49 (0) 231 7000-7000

Let’s brainstorm together on how we can identify and minimise existing risks in the context of cyber and information security in your company. Our services of the adesso Security Services portfolio – including cyber risk analysis, the remediation of specific vulnerabilities, ensuring compliance requirements and the certification of your company – are at your disposal.