
adesso Security Services

Our solutions for tomorrow’s IT


Good reasons for Security Services

With adesso Security Services, we support the core business processes of companies by introducing targeted risk management in the context of cyber and information security. Benefit from tried and tested methods, tools and our project experience.

Challenges as drivers:
  • Technological change and digitalisation: networking, mobilisation and digitalisation challenge your ability to innovate and adapt.
  • Laws and regulation: non-compliance can lead to drastic penalties.
  • The cloud and cybercrime: a successful cyber-attack can have consequences that threaten the very existence of companies.
  • Changes in requirements and competitive situation: steadily increasing requirements to maintain the competitive position.
  • Lack of skills and resources: information security means investing both in technology and in skills.
  • Changing values and image: poor data protection and information security damage the corporate image.

Our fields of action

The protection of mission-critical data and information is a key business objective. It requires a company to be aware of the criticality of its data and information and the risks involved. Only once this has been established can a company respond appropriately and initiate suitable proactive and reactive measures. This requires a comprehensive approach and the right balance between technology, organisation and people.

Our fields of activity

Along with natural disasters and pandemics, ransomware and DDoS attacks are the main threats to the availability of business-critical processes. Our specialists are experts in the areas of offensive, defensive and IT security, where we use a variety of standards to guarantee the highest level of security.

Offensive security
  • Maturity assessment
  • Threat and vulnerability assessment
  • Network security checks
  • Pentesting on layers 3, 4 and 7

Defensive security
  • Incident response and business continuity
  • Incident process consulting
  • Emergency planning
  • IT service and business continuity
  • IT emergency management for cyber incidents

IT security
  • Cyber security checks
  • Technical security audits
  • Implementation support

Standards
  • ISO/IEC 27032 CYBER
  • SIEM
  • ISO/IEC 27037 FORENSIC
  • ISO/IEC 27035 INCIDENT
  • NIST
  • CIS, IRC
  • MITRE ATT&CK

To handle sensitive information in a responsible way, you need to set up an information security management system (ISMS). This helps to identify and adopt the necessary measures and check their effectiveness. Taking into account the relevant standards, we support you during the analysis, consultation and implementation phases.

Analysis

  • Define ISMS maturity levels
  • Conduct GAP analyses
  • Carry out protection requirements and business impact analyses
  • Cloud compliance

Consultation

  • Create security concepts
  • 1st, 2nd and 3rd party audits
  • CISO/ISB coaching and interim functions
  • Select and design ISMS/GRC tools

Implementation

  • Implement, operate and optimise ISMSs
  • Set up, migrate and implement multiscope ISMSs
  • Tool-based management systems
  • Training and awareness

Standards

  • BAIT, VAIT, KAIT, ZAIT
  • KRITIS/B3S
  • TISAX
  • Information security
  • ISO/IEC 27005 RISK
  • IT-Grundschutz (BSI (German Federal Office for Information Security) methodology)
  • WLA

adesso IT Management Consulting optimises your IT department at a strategic, technological and organisational level, helping you to complete the switch to a flexible, cloud-based IT service structure while ensuring compliance with regulatory requirements.

KRITIS (critical infrastructure) sectors

  • Automotive
  • Energy
  • Health
  • Motorways
  • Finance
  • Waste management

Subject to BaFin regulations

  • Banks
  • Insurance providers
  • Capital management firms
  • Payment service providers

Services

  • Conduct readiness checks
  • Resolve issues identified during audits
  • Establish compliance with regulatory requirements

Standards

  • BAIT, VAIT, KAIT, ZAIT
  • KRITIS/B3S
  • ISO 13485
  • TISAX
  • ESMA
  • EBA guidelines
  • EIOPA
  • HIPAA
  • DORA
  • PCI DSS

To ensure the success of your company, it is essential that business-critical processes can continue to run without disruption. This makes business continuity management (BCM) an important component of corporate risk management. Taking into account the relevant standards, we support you during the analysis, consultation and implementation phases.

Analysis

  • Define ISMS maturity levels
  • Conduct GAP analyses
  • Carry out business impact and risk impact analyses
  • Respond to incidents

Consultation

  • Business continuity management (BCM) and IT service continuity management (ITSCM)
  • Create emergency and restart concepts
  • 1st, 2nd and 3rd party audits

Implementation

  • Set up, migrate and implement integrated BCM systems
  • Emergency and crisis management team drills
  • Evaluate BCM tools

Standards

  • ISO 22301
  • ITIL
  • ISO/IEC 27031
  • BSI 200-4

In the context of cyber security and IT security, risk management entails the analysis of digital risks such as cyber attacks, data loss, data breaches and other threats that may pose a risk to the integrity, confidentiality and availability of information and systems. Our services include:

  • Implementation, operation and optimisation of integrated risk management processes
  • Workshops and courses
  • Operational risk management and risk treatment

Standards

  • ISO/IEC 27005
  • ISO 31000
  • BAIT, VAIT, KAIT, ZAIT
  • MaRisk

In the context of cyber security, awareness measures refer to activities that aim to increase the awareness and knowledge of employees in the company regarding risks, best practices and how to deal with digital threats. These measures are particularly important in order to minimise human error and ensure the security of information, systems and networks. Our services include:

  • Security awareness campaigns (online, in-person, e-learning)
  • Phishing campaigns
  • Live hacking
  • Training and further education for management system officers, ISMS/BCMS implementers as well as internal and external auditors
  • Advanced training in cyber and IT security

In order to be able to implement the requirements of data protection or the EU GDPR in a compliant manner, it is essential to operate a (data protection) management system that takes into account all relevant technical and organisational aspects. Taking into account the relevant standards, we support you during the analysis, consultation and implementation phases.

Analysis

  • Define ISMS maturity levels
  • Conduct GAP analyses
  • Carry out protection requirements and business impact analyses
  • Cloud compliance

Consultation

  • Design and implement data protection management and associated processes in accordance with EU GDPR
  • Develop technical organisational measures (TOMs)

Implementation

  • Establish a privacy information management system according to ISO 27701
  • Provision of an external data protection officer
  • Hold training sessions and run awareness campaigns

Standards

  • ISO 27018
  • ISO/IEC 27701 PIMS

You cannot create secure applications unless security activities are monitored over the lifecycle of a product. This begins with requirements engineering and extends to penetration testing performed on the application while it is running. Taking into account the relevant standards, we support you during the analysis, consultation and implementation phases.

Analysis

  • Requirements engineering
  • Technical reviews, audits
  • Threat modelling
  • SAST, DAST, dependency/configuration checks
  • Design and code reviews

Consultation

  • Design procedures and structures for a secure development process (SDLC, SecDevOps)
  • Security by design, privacy by design

Implementation

  • Project support in security engineering/SecDevOps
  • Pentesting
    • Network
    • Web app
    • Mobile app
    • Embedded
    • AD
    • Wi-Fi
  • Physicals
  • Social engineering
  • Red teaming

Standards

  • ISO 27034
  • MITRE ATT&CK
  • OWASP Top 10/ASVS
  • CIS

Identity and access management (IAM) is a concept and set of technologies, procedures and policies for managing the digital identity of users, devices and applications, and for controlling access to resources in a corporate network or IT environment. The main goal of IAM is to ensure that the right people or entities can access the right resources at the right time while ensuring security and compliance. Taking into account the relevant standards, we support you during the analysis, consultation and implementation phases.

Analysis

  • Define ISMS maturity levels
  • IAM governance
  • Cloud compliance

Consultation

  • Support in the creation of IAM concepts
  • Development of role-based access concepts for different technologies and platforms
  • Authorisation modelling

Implementation

  • Implement IAM in the areas of identity lifecycle management, access management and identity governance
  • Connect applications to the IAM system
  • Usage tracking

Standards

  • IAM
  • PAM

The advantages are plain to see

1. Our Experience: adesso has many years of cross-industry expertise in building custom-fit solutions for small and large companies.

2. Vendor-Independent Approach: adesso is not committed to any specific vendor and has developed its own templates and frameworks to accelerate projects.

3. Certified Professionals: adesso offers an experienced team with certified experts in the relevant fields.

4. Pragmatic Operationalisation: adesso does not stop at planning and performing analyses; we also excel at devising highly pragmatic operational schemes.


Successful cooperation for your added value

Our partnerships

adesso relies on various partners and memberships in the security environment. It takes a tightly knit network to design successful cyber security measures to protect your valuable know-how.



Do you have any questions?

Let’s brainstorm together on how we can identify and minimise existing risks in the context of cyber and information security in your company. The services in the adesso Security Services portfolio, including cyber risk analysis, the remediation of specific vulnerabilities, meeting compliance requirements and the certification of your company, are at your disposal.
