Our security assessments help you to identify and reduce security gaps in your organization and to implement “best practice standards” effectively. All aspects of information security by means of organizational, personnel, legal and structural questions are considered.
For a security assessment, we work according to the international standard family ISO/IEC 2700x and the basic IT protection catalogs of the Swiss Federal Office for Information Security BSI.
How an organization’s IT is assessed differs significantly depending on the viewpoint taken. From an internal point of view, for example, the availability of file servers or the confidentiality of accounting data plays a central role, whereas from an external point of view the resilience of the website or the impenetrability of the interfaces between Internet and Intranet is relevant. When choosing the viewpoint the assessment should take into account, it should be borne in mind that by far the greatest damage is caused to companies by “insiders”.
By carrying out a security assessment, you proactively address the topic of security and work with us to develop a decision-making basis for the risk management of the entire company. After an IT security assessment, you know what dependencies exist with internal and external IT partners, what information needs to be protected, where you are particularly vulnerable and what measures can be taken for improvement.
- A complete overview of information and IT security organization
- Target/actual comparison on the basis of international standards
- Analysis of strengths and weaknesses based on international standards
- Recommendations for defining and implementing appropriate measures to improve information and IT security
- Efficient allocation of resources to address identified risks
- Service based on international standards (ISO 27001, 27002, SANS 20, IEC 62443, NERC CIP, etc.)
- Certified experts with many years of experience
- Guaranteed discretion
So-called “social engineering” refers to an approach in which the human being is exploited as the critical vulnerability. A situation is constructed with the intention of persuading employees to circumvent normal security precautions and disclose sensitive information. The best-known form is so-called “phishing,” which attempts to obtain the personal data of an Internet user via fake websites, e-mails or short messages. Social engineering often forms part of a penetration test or is preceded by relevant training to raise employee awareness.
Penetration tests provide a comprehensive security check of individual computers, servers, and network systems and are thus a form of ethical hacking. The means and methods of a potential attacker are used to penetrate the system under test. Penetration tests determine how susceptible the security architecture under test (e.g., data rooms, smartphones and mail servers) is to such attacks.
Ethical hacking refers to the simulation of a cyber-attack by a hacker. Our IT specialists try to exploit the vulnerabilities identified in order to gain access to a computer or a network.
Within the framework of a so-called vulnerability analysis, common software and configuration errors are detected at infrastructure and application level. The knowledge gained here often forms the basis for a subsequent penetration test.