Security
Consulting

Strong cyber resilience is essential in order to meet the increasing regulatory requirements and the many challenges posed by digitalisation, the use of AI, IoT/OT and the cloud. This requires comprehensive expertise and many years of experience – be that in the areas of cyber security strategy, governance, risk & compliance, architecture and design, security assessments or in promoting a security-conscious corporate culture. Our modular range of services and the first-class expertise of our specialists cover all facets of comprehensive cyber security and strengthen your cyber resilience in the long term.

Do you want to be sure that your cyber security is built on a solid and reliable long-term foundation and can also be quickly and easily adapted to future requirements? Our experts support you in formulating a long-term security strategy or in setting up a flexible framework for the structured management and targeted minimisation of all ICT risks. A cyber security framework (Information Security Management System) not only helps you to better manage your internal risks, the structured framework also greatly simplifies the implementation of compliance and risk management requirements.

Our ISMS/DSMS services include:

• Establishment and further development of an information security management system (ISMS) in accordance with ISO 27001
• CISO-as-a-Service / Security Officer Services
• DPC-as-a-Service / Data Protection Coordinator
• Development of a sustainable security strategy
• Support with (re-)certification in accordance with ISO 27001
• Auditing your organization os your ISMS in accordance with ISO 27001
• Development of security policy, guidelines / policy, guidelines / procedures & guidelines
• Definition of the security organization, functions and their task descriptions
• ISMS and ICT-Security-Management-Tool

Do you want to be sure that your cyber security is built on a solid and reliable long-term foundation and can also be quickly and easily adapted to future requirements? Our experts support you in formulating a long-term security strategy or in setting up a flexible framework for the structured management and targeted minimisation of all ICT risks. An NIST-based cyber security framework not only helps you to better manage your internal risks, the structured framework the implementation of compliance and risk management requirements.

We advise and support you on the following topics:

• CISO as a Service / Security Officer Service
• Development of a sustainable security strategy
• Risk analyses pursuant to ISO 27005
• NIST CSF Gap-Analysis
• Development of security policy, guidelines / policy, guidelines / procedures & guidelines
• Definition of the security organization, functions and their task descriptions

Companies and administrations operate in a complex and dynamic environment. Regulatory pressure, changes in competition, cybercrime and the complexity of the infrastructure are constantly increasing. Managing requirements and measures along with compliance issues is increasingly becoming a major challenge. InfoGuard’s ICT tool supports users and IT security officers in recording the security requirements of the German government’s ICT baseline protection, assessing risks and implementing measures within the organisation and regularly reviewing or updating them.

Cyberattacks are one of the biggest threats to companies and institutions of all kinds. Nevertheless, many organisations are inadequately prepared for such incidents. InfoGuard offers a professional workshop in which you can develop a complete incident response plan using our proven templates and tried-and-tested processes. These templates are developed on the basis of the extensive experience of our CSIRT and consultants. This ensures that the individualised emergency plan is not only tried and tested, but also effective.

With our Table-Top Exercises (TTX), we review the existing cyber security & recovery processes together with you and your team on the basis of formulated scenarios. These scenarios deal with the strategic crisis organisation and/or the IT operational level. The focus is on building organisational and operational skills (crisis organisation, communication, reporting obligations in the event of cyber and data protection incidents, recovery, etc.) through the scenario-based simulation of crisis situations.

• Table-top exercises / simulation for the crisis management team
• Table-top exercises / simulation for the technical IT emergency organization
• Management workshop to process the security incident and recover the ability to act

Whether successful cyber or ransomware attacks, pandemic-related outages, supply chain problems or other (natural) disasters – Business Continuity Management (BCM) is an absolute must. BCM ensures that critical business processes and key functions remain available even in emergency situations or are quickly restored – and that you are able to act again without suffering existential levels of damage. Our experienced experts support you in developing a suitable BC strategy, in setting up and implementing a business continuity management system in accordance with ISO 22301, in preparing, conducting and evaluating Business Impact Analyses (BIA) and in developing and reviewing emergency and business continuity plans.

We offer companies a security officer service as part of an outsourcing arrangement. Our security experts take on the role of Chief Information Security Officer or we support your CISO. They handle planning, implementation, coordination and monitoring tasks for all information security measures and advise you on all data protection and cyber security issues. We provide you with professional support at a strategic, tactical and operational level.

Our data protection experts support your DPO in analysing and defining an appropriate data protection strategy and in implementing the corresponding measures. This ensures that the legal requirements are consistently complied with. You can therefore rely on the cooperation of our experienced data protection experts.

The demands on IT, cloud and security governance are growing ever more rapidly. In an age of information overload and digitalisation, managing information and data correctly is essential, but also complex. There is often a lack of a holistic approach to guaranteeing the availability, confidentiality, integrity and traceability of information and data. InfoGuard helps you to optimally implement and efficiently operate the various requirements.

With our many years of experience in the field of cyber security, we have the expertise to support you in setting up or optimising your Cyber Supply Chain Risk Management (C-SCRM). Systematic C-SCRM improves your security level in your supply chain, reduces your own cyber risks and ensures compliance requirements are met.

We advise and support you on the following topics:

• Carrying out a risk analysis of your supply chain
• Digital footprint risk monitoring service
• Implementation of suitable safety measures
• Definition of systematic cyber supply chain risk management
• Supporting the organisation with a C-SCRM tool
• Establishing appropriate incident response management

At first glance, digitalisation and data protection are difficult to reconcile. However, successful digitalisation requires the inclusion of data protection and is therefore a strategically important issue – for every company. The data protection experts at InfoGuard support you across the board when it comes to these issues: from questions relating to data protection requirements, analysis, strategy definition and conception to sensitisation and implementation.

Our data protection services include:

• Gap analysis of the Swiss Data Protection Act (CH revDSG) and the European General Data Protection Regulation (GDPR)
• GDPR web application audit on the Internet and webshops (disclaimer, cookies, data processing etc.)
• Sensitisation of employees to data protection
• Data protection strategy development pursuant to national data protection legislation (DSG) and GDPR
• Data protection impact assessment (DPIA)
• Certification support
• DPC-as-a-Service to support the DPO
• Data protection management system (tool)
• Auditing of external data processors

Compliance requirements such as ICS, CH revDSG, EU GDPR, NIS2, CRA, DORA, FINMA, SWIFT, PCI DSS or SIC are constantly changing and becoming ever more extensive. InfoGuard helps you to optimally implement and efficiently operate the various compliance requirements. We advise you on the applicable requirements. We also support you in analysing and implementing security measures in accordance with the relevant specifications. This ensures that the legal requirements are consistently complied with and correctly implemented on an ongoing basis.

We advise and support you on the following topics:

• CISO as a Service / Security Officer Service
• DPC as a Service / Data Protection Coordinator
• Carrying out a gap analysis with regard to the applicable requirements
• Implementation of systematic compliance management
• Support through an appropriate information security management tool (ISMS)

Do you want to improve your cyber security by setting up an information security management system (ISMS) in accordance with ISO 27001 or optimise your existing ISMS? Our experienced and certified auditors will accompany you on the way to ISO 27001, ISO 27701, TISAX, IEC 62443, CMMC certification.

We advise and support you on the following topics:

• Development and introduction of an Management System in accordance with ISO 27001, ISO 27701, TISAX, IEC 62443
• (Re-)certification pursuant to ISO 27001, ISO 27701, TISAX, IEC 62443, CMMC
• Further development of your ISMS in accordance with ISO 27001
• Auditing your ISMS in accordance with ISO 27001

We help you to set up an appropriate network and security architecture. Based on the ISO 27001 standard, we identify the missing elements in a gap analysis and highlight the associated risks. An action plan is then drawn up as a basis for operational implementation and prioritised according to risk. This ensures that you’ll be able to react quickly to new requirements in the future and put optimal IT security measures in place.

We advise and support you on the following topics:

• Definition of an IT security architecture in accordance with international standards (ISO, NIST and BSI)
• Determination of protection requirements through systematic risk analysis
• Support in maintaining all business processes
• Integration of IT security as an integral part of the IT architecture

The demands on cloud security governance are growing ever faster. In an age of Azure, AWS, GCP and many other cloud services, managing information and data correctly is essential, but also complex. There is often a lack of a holistic approach to guaranteeing the availability, confidentiality, integrity and traceability of information and data. Our cloud governance service ensures that the provision of resources, system integration, data security and other aspects of cloud computing is properly planned, considered and managed. InfoGuard helps you to optimally implement and efficiently operate the various requirements.

• Cloud risk assessment
• Defining and ensuring systematic cyber supply chain risk management
• Data protection impact assessment (DPIA)

Modern information and communication technologies are networking the industrial world. Operational technology (OT) is of great interest to cyber criminals because the increasing automation of industrial processes requires OT and IT technologies to be networked, which is changing the threat and risk landscape. Your OT infrastructures are also business-critical. Our services enable you to identify potential vulnerabilities in your IoT, OT, Industry 4.0 or smart infrastructure at an early stage and initiate appropriate protective measures.
Our experienced OT specialists help you to verify the key components, set up the architecture in line with the defence-in-depth approach, implement security in accordance with IEC 62443, establish suitable supplier risk management and thus contribute significantly to reducing security risks.

Our OT security services at a glance:

• Asset recognition – visibility of operating technology
• Evaluation of the threat landscape
• Evaluation of the protection concept
• Holistic assessment of “defence-in-depth” system security

The SAP security service provides you with a comprehensive overview of the security of your SAP systems. Our experienced SAP security experts support you from the conceptualisation and definition of processes through to the implementation of measures and the review of your SAP systems.

We advise and support you on the following topics:

• SAP security assessments
• SAP security concepts
• Elimination of inspection defects
• Analysis of SAP system access
• Support for SAP authorisation projects

Permanent vulnerability checks and optimisation of the company’s own infrastructure are a must for every company to cope with the constantly changing threat landscape. We support you with vulnerability management – from the concept through implementation to the standardised managed service from our ISO/IEC 27001-certified Cyber Defence Center (CDC) in Baar.
With our wide range of vulnerability management services, our experts support you exactly where you need it.

Vulnerability-Management-Concept
Efficient and effective vulnerability management stands on a solid conceptual foundation.

24/7 external Vulnerability-Management-as-a-Service (eVUMA)
The external Vulnerability Management Service shows you your company from the attackers’ perspective. Our Cyber Defence Center security experts scan your perimeter infrastructure on a daily basis. As soon as a critical vulnerability emerges that is exposed to the Internet, we handle the risk assessment of the vulnerability on your behalf and proactively contact you. Our experts are then available to advise you on demand so that you can rectify the vulnerability quickly and effectively.

By using cloud services and personal devices (BYOD), users can access data from anywhere. As a result, access management (privileged access management PAM and identity & access management IAM) has shifted from a perimeter-based to an identity-centred approach. As such, identity governance & administration becomes a key function and a prerequisite for strategic security objectives such as:

• Privileged Access Management
• Identity & Access Management
• Zero Trust security model
• Need-to-Know principle
• (Data Protection &) Security by Design
• (Data Protection &) Security by Default

With our 360° view and our business-to-identity services, we support your endeavours from planning and operation through to compliance. Our process model enables effective and sustainable implementation of identity governance & administration. Success factors are a high level of automation and integration. We accompany you on the way to viable PAM & IAM solutions that are impressive in legal, technical and organisational terms.

Based on existing guidelines and your specific needs, we develop a detailed security awareness concept. This includes key messages, a comprehensive catalogue of measures and a targeted communication plan. Successful implementation is ensured by tried-and-tested training elements, state-of-the-art technologies and tried-and-tested methods.

Employees are increasingly exposed to more complex phishing and ransomware attacks. Security awareness training is therefore essential. Our Awareness-as-a-Service helps you to overcome the dangers of social engineering, phishing and ransomware attacks with the help of targeted training and simulations and to sustainably increase the security awareness of your employees.

Our physical social engineering simulation checks the effectiveness of your physical and organisational security measures. We test compliance with guidelines such as the ‘Clean Desk Policy’ and visitor badges. This simulation identifies security gaps and checks employees' security awareness and behaviour towards unknown persons.

Phishing attacks are one of the most successful methods of compromising companies. Our phishing simulations provide a snapshot of your employees' awareness of phishing emails. After clicking on the phishing link or logging into the fake website, suitable training content is provided. The final report contains recommendations for organisational and technical measures.

Continuous engagement with information security issues ensures that your employees develop a strong security awareness and intuitively behave correctly. Our e-learning training courses convey the risks and correct behaviour and help your employees to identify with everyday situations and transfer the circumstances to their own environment. These training courses strengthen security awareness and support the protection of valuable information and data.

Our data protection gap analysis is the ideal solution if you only want to have one specific aspect analysed in more detail. For example, all services commissioned by you in the context of which personal data is processed on your behalf or where the service providers have access to such data. Or you simply want to have the privacy policy of your website thoroughly checked to prevent possible warnings. Gap analysis is also the right tool here.

Year after year, SWIFT tightens up the regulations for financial service providers. Not only are new SWIFT controls added, but Advisory is upgraded to Mandatory. And a problem for many companies is the one-year period within which the adjustments have to be made. What’s your situation? Our SWIFT assessment provides clarity.

Do you want certainty over the cyber resilience of your “Microsoft 365 Cloud” environment? Our Microsoft 365 assessment answers this question with a detailed analysis of your Microsoft 365 configuration. You will also receive tailored recommendations for a secure and optimised configuration of your “Microsoft 365” infrastructure. Our experts check whether your systems comply with best practice approaches and create a strengths and weaknesses profile of your current settings.

In the current threat landscape, phishing attacks are among the most successful types of attack that can lead to a company being compromised. Our phishing simulation provides a snapshot of employees’ awareness of phishing emails. Furthermore, suitable training content can be provided after clicking on the phishing link or registering on the fake website. The final report of the phishing simulation elaborates possible organisational and technical measures.

Our physical social engineering simulation checks whether the physical and organisational security measures you’ve selected at your company locations are sufficient to prevent unauthorised access to office premises. Furthermore, whether the specified guidelines (e.g. clean desk policy, visitor badges, locking the screen) are implemented by employees is checked. This enables not only potential security gaps to be identified, but also, the general awareness of employees and their behaviour towards unknown persons can be verified.

Our Incident Response Readiness Assessment uncovers potential risks and vulnerabilities in your current incident response strategy. The specific recommendations for action in the final report can be used to increase incident response maturity in a targeted manner. The results and recommended measures are presented and explained at a workshop.

Ausgeklügelte Cyberattacken identifiziert XDR aufgrund von Anomalien in Ihrer Infrastruktur. Relevante Security-Vorfälle auf Arbeitsplatzrechnern, Smartphones, Tablets, Servern und Cloud-Workloads werden zusammengefasst. Dadurch sind Sie sofort über den Angriff informiert und unsere Experten im InfoGuard Cyber Defence Center können sofort reagieren, bevor sich der Angreifer im Netzwerk ausbreitet.

Ausgeklügelte Cyberattacken identifiziert XDR aufgrund von Anomalien in Ihrer Infrastruktur. Relevante Security-Vorfälle auf Arbeitsplatzrechnern, Smartphones, Tablets, Servern und Cloud-Workloads werden zusammengefasst. Dadurch sind Sie sofort über den Angriff informiert und unsere Experten im InfoGuard Cyber Defence Center können sofort reagieren, bevor sich der Angreifer im Netzwerk ausbreitet.