Information Security

The Protection of Information is becoming increasingly important

Information security is now critical for any business.

The big challenge is to bring your company's security policies and standards, as well as its processes and controls, fully into line with the requirements for confidentiality, integrity, availability, transparency, etc. of the company data. In addition, all this must be brought into line with legal requirements and instructions from supervisory authorities. It is a recurring, complex and business-critical affair.

Challenge

Information security is a comprehensive and central issue that must be a top priority in all areas and processes of a company. Gaps in information security, but also in the established Information Security Management System (ISMS), pose many risks, such as

  • direct or indirect financial loss
  • legal impact on companies, employees, customers and partners
  • Loss of reputation, credibility or competitive advantage
  • Extortion and industrial espionage by e.g. organised crime
  • Disclosure of confidential, sensitive or embarrassing information
  • Sabotage

Ensuring information security is based on “CIA” (Confidentiality, Integrity and Availability) on the one hand, but also on other aspects of the OECD guidelines on “Data Lifecycle”, the principles of the VDU and the GDPR.

A whole series of governance frameworks such as COBIT 5, ISO/IEC 2700 / 38500 / 20000, ITIL, ISM3 – to name but a few – play an important role here.

The challenges are therefore comprehensive and large. Many organizations are unable to cover every aspect of all these topics themselves in order to address threats and risks proactively.

Solution Approach

As experts in information security and IT security, we support our customers in all aspects. Our portfolio ranges from professional consulting to security assessments and security audits to the preparation and execution of awareness trainings. To be able to do this, we keep the expertise of our employees up to date at all times. The methodology needed to reach the target of an information security mandate or order is always defined specifically from the requirements described by the customer and the defined task. For example, the procedure for one of our assignments for an assessment of IT infrastructure components on the topic of “security and vulnerability management” was as follows:

Security & Vulnerability Management

… that for an IT security audit on the “security of an SME infrastructure” was defined as follows:

Audit Method

… the results of an examination can be presented in detail in the report, for example as an overview graphic according to NIST, with regard to examination, results and measures.

Secure Profile

Customer Benefits

Thanks to our practice-oriented and customer-specific approach, you get lean, efficient, individually adapted, comprehensible and targeted work results, e.g.

  • as a Pre Audit Report for an upcoming IS audit
  • specific assessment or overall assessment of your established information protection measures
  • Determination of your ISMS and processes
  • well-founded second opinions on specific topics of information protection
  • flexible external personnel solutions to support your daily IS tasks, such as analyses or project management for IS projects

To help you focus better on your core business and business processes, we are happy to support you in the areas of information security and IT security. We ensure that we operate according to the latest “Information Security Standards and Frameworks”. This saves you resources and expensive know-how.

Hansjörg Stibi

Hansjoerg Stibi combines very good analytical skills with the corresponding business know-how needed to coordinate project tasks in the IT sector with the entire operating environment.

His many years of experience in various disciplines of data protection and IT services, especially in the banking environment, insurance, public administration and industry, ensure high professional security and continuity.

Various internationally recognized certifications in IT areas, IT security and project management underline this.