Security Consulting

Professional security consulting is essential in order to meet the diverse requirements and achieve individual goals – whether in the areas of strategy, governance, risk & compliance, security architecture and design, security assessments or the promotion of a security-conscious corporate culture. Our modular range of services takes equal account of technologies, processes and your employees.

Cyber Security
Strategy

Whether cyber security, cyber risk resilience, governance, risk & compliance, digitalisation or cloud: today’s growing challenges can only be overcome with a holistic cyber security strategy. InfoGuard’s modular range of services takes equal account of technologies, processes and your employees.
Cyber Risk Resilience
Strong cyber resilience is essential in order to meet the increasing regulatory requirements and the many challenges posed by digitalisation, the use of AI, IoT/OT and the cloud. This requires comprehensive expertise and many years of experience – be that in the areas of cyber security strategy, governance, risk & compliance, architecture and design, security assessments or in promoting a security-conscious corporate culture. Our modular range of services and the first-class expertise of our specialists cover all facets of comprehensive cyber security and strengthen your cyber resilience in the long term.
ISO/IEC 27001 | Information Security Management System (ISMS)

Do you want to be sure that your cyber security is built on a solid and reliable long-term foundation and can also be quickly and easily adapted to future requirements? Our experts support you in formulating a long-term security strategy or in setting up a flexible framework for the structured management and targeted minimisation of all ICT risks. A cyber security framework (Information Security Management System) not only helps you to better manage your internal risks, the structured framework also greatly simplifies the implementation of compliance and risk management requirements.

Our ISMS/DSMS services include:

Cyber Security Framework (NIST)

Do you want to be sure that your cyber security is built on a solid and reliable long-term foundation and can also be quickly and easily adapted to future requirements? Our experts support you in formulating a long-term security strategy or in setting up a flexible framework for the structured management and targeted minimisation of all ICT risks. An NIST-based cyber security framework not only helps you to better manage your internal risks, the structured framework the implementation of compliance and risk management requirements.

We advise and support you on the following topics:

ICT Security Management
Companies and administrations operate in a complex and dynamic environment. Regulatory pressure, changes in competition, cybercrime and the complexity of the infrastructure are constantly increasing. Managing requirements and measures along with compliance issues is increasingly becoming a major challenge. InfoGuard’s ICT tool supports users and IT security officers in recording the security requirements of the German government’s ICT baseline protection, assessing risks and implementing measures within the organisation and regularly reviewing or updating them.
Incident Response Planning | Crisis Management
Cyberattacks are one of the biggest threats to companies and institutions of all kinds. Nevertheless, many organisations are inadequately prepared for such incidents. InfoGuard offers a professional workshop in which you can develop a complete incident response plan using our proven templates and tried-and-tested processes. These templates are developed on the basis of the extensive experience of our CSIRT and consultants. This ensures that the individualised emergency plan is not only tried and tested, but also effective.
Tabletop Exercises (TTX)

With our Table-Top Exercises (TTX), we review the existing cyber security & recovery processes together with you and your team on the basis of formulated scenarios. These scenarios deal with the strategic crisis organisation and/or the IT operational level. The focus is on building organisational and operational skills (crisis organisation, communication, reporting obligations in the event of cyber and data protection incidents, recovery, etc.) through the scenario-based simulation of crisis situations.

  • Table-top exercises / simulation for the crisis management team
  • Table-top exercises / simulation for the technical IT emergency organization
  • Management workshop to process the security incident and recover the ability to act
Business Continuity Management (BCM)
Whether successful cyber or ransomware attacks, pandemic-related outages, supply chain problems or other (natural) disasters – Business Continuity Management (BCM) is an absolute must. BCM ensures that critical business processes and key functions remain available even in emergency situations or are quickly restored – and that you are able to act again without suffering existential levels of damage. Our experienced experts support you in developing a suitable BC strategy, in setting up and implementing a business continuity management system in accordance with ISO 22301, in preparing, conducting and evaluating Business Impact Analyses (BIA) and in developing and reviewing emergency and business continuity plans.

Governance, Risk
& Compliance

The demands on compliance and risk management are growing ever faster. InfoGuard helps you to optimally implement and efficiently operate the various compliance requirements.
CISO-as-a-Service
We offer companies a security officer service as part of an outsourcing arrangement. Our security experts take on the role of Chief Information Security Officer or we support your CISO. They handle planning, implementation, coordination and monitoring tasks for all information security measures and advise you on all data protection and cyber security issues. We provide you with professional support at a strategic, tactical and operational level.
DPC-as-a-Service
Our data protection experts support your DPO in analysing and defining an appropriate data protection strategy and in implementing the corresponding measures. This ensures that the legal requirements are consistently complied with. You can therefore rely on the cooperation of our experienced data protection experts.
IT, Cloud & Security Governance
The demands on IT, cloud and security governance are growing ever more rapidly. In an age of information overload and digitalisation, managing information and data correctly is essential, but also complex. There is often a lack of a holistic approach to guaranteeing the availability, confidentiality, integrity and traceability of information and data. InfoGuard helps you to optimally implement and efficiently operate the various requirements.
Cyber Supply Chain Risk Management (C-SCRM)

With our many years of experience in the field of cyber security, we have the expertise to support you in setting up or optimising your Cyber Supply Chain Risk Management (C-SCRM). Systematic C-SCRM improves your security level in your supply chain, reduces your own cyber risks and ensures compliance requirements are met.

We advise and support you on the following topics:

  • Carrying out a risk analysis of your supply chain
  • Digital footprint risk monitoring service
  • Implementation of suitable safety measures
  • Definition of systematic cyber supply chain risk management
  • Supporting the organisation with a C-SCRM tool
  • Establishing appropriate incident response management
Data Protection (CH revDSG / GDPR)

At first glance, digitalisation and data protection are difficult to reconcile. However, successful digitalisation requires the inclusion of data protection and is therefore a strategically important issue – for every company. The data protection experts at InfoGuard support you across the board when it comes to these issues: from questions relating to data protection requirements, analysis, strategy definition and conception to sensitisation and implementation.

Our data protection services include:

  • Gap analysis of the Swiss Data Protection Act (CH revDSG) and the European General Data Protection Regulation (GDPR)
  • GDPR web application audit on the Internet and webshops (disclaimer, cookies, data processing etc.)
  • Sensitisation of employees to data protection
  • Data protection strategy development pursuant to national data protection legislation (DSG) and GDPR
  • Data protection impact assessment (DPIA)
  • Certification support
  • DPC-as-a-Service to support the DPO
  • Data protection management system (tool)
  • Auditing of external data processors
Compliance Management (NIS2, DORA, CRA, FINMA, SWIFT, PCI DSS, SIC)

Compliance requirements such as ICS, CH revDSG, EU GDPR, NIS2, CRA, DORA, FINMA, SWIFT, PCI DSS or SIC are constantly changing and becoming ever more extensive. InfoGuard helps you to optimally implement and efficiently operate the various compliance requirements. We advise you on the applicable requirements. We also support you in analysing and implementing security measures in accordance with the relevant specifications. This ensures that the legal requirements are consistently complied with and correctly implemented on an ongoing basis.

We advise and support you on the following topics:

Certification Guidance (ISO 27001, ISO 27701, TISAX, IEC 62443, CMMC)

Do you want to improve your cyber security by setting up an information security management system (ISMS) in accordance with ISO 27001 or optimise your existing ISMS? Our experienced and certified auditors will accompany you on the way to ISO 27001, ISO 27701, TISAX, IEC 62443, CMMC certification.

We advise and support you on the following topics:

  • Development and introduction of an Management System in accordance with ISO 27001, ISO 27701, TISAX, IEC 62443
  • (Re-)certification pursuant to ISO 27001, ISO 27701, TISAX, IEC 62443, CMMC
  • Further development of your ISMS in accordance with ISO 27001
  • Auditing your ISMS in accordance with ISO 27001

Security Architecture
& Design

The strategy and architecture lay the foundation for optimised cyber security and efficient implementation of legal requirements and guidelines. By deploying an innovative enterprise IT security architecture, we support you in the planning and implementation of structured and coordinated activities with the aim of protecting corporate resources and ensuring agility in the face of change. Our specialists have many years of experience in the design of security architectures across the entire life cycle.
 
Network & Security Architecture | Zero Trust

We help you to set up an appropriate network and security architecture. Based on the ISO 27001 standard, we identify the missing elements in a gap analysis and highlight the associated risks. An action plan is then drawn up as a basis for operational implementation and prioritised according to risk. This ensures that you’ll be able to react quickly to new requirements in the future and put optimal IT security measures in place.

We advise and support you on the following topics:

  • Definition of an IT security architecture in accordance with international standards (ISO, NIST and BSI)
  • Determination of protection requirements through systematic risk analysis
  • Support in maintaining all business processes
  • Integration of IT security as an integral part of the IT architecture
Microsoft Azure, AWS, GCP, Cloud Security Governance

The demands on cloud security governance are growing ever faster. In an age of Azure, AWS, GCP and many other cloud services, managing information and data correctly is essential, but also complex. There is often a lack of a holistic approach to guaranteeing the availability, confidentiality, integrity and traceability of information and data. Our cloud governance service ensures that the provision of resources, system integration, data security and other aspects of cloud computing is properly planned, considered and managed. InfoGuard helps you to optimally implement and efficiently operate the various requirements.

  • Cloud risk assessment
  • Defining and ensuring systematic cyber supply chain risk management
  • Data protection impact assessment (DPIA)
IoT | Industry 4.0 | OT | Smart Infrastructure

Modern information and communication technologies are networking the industrial world. Operational technology (OT) is of great interest to cyber criminals because the increasing automation of industrial processes requires OT and IT technologies to be networked, which is changing the threat and risk landscape. Your OT infrastructures are also business-critical. Our services enable you to identify potential vulnerabilities in your IoT, OT, Industry 4.0 or smart infrastructure at an early stage and initiate appropriate protective measures.
Our experienced OT specialists help you to verify the key components, set up the architecture in line with the defence-in-depth approach, implement security in accordance with IEC 62443, establish suitable supplier risk management and thus contribute significantly to reducing security risks.

Our OT security services at a glance:

  • Asset recognition – visibility of operating technology
  • Evaluation of the threat landscape
  • Evaluation of the protection concept
  • Holistic assessment of “defence-in-depth” system security
SAP Security Services

The SAP security service provides you with a comprehensive overview of the security of your SAP systems. Our experienced SAP security experts support you from the conceptualisation and definition of processes through to the implementation of measures and the review of your SAP systems.

We advise and support you on the following topics:

  • SAP security assessments
  • SAP security concepts
  • Elimination of inspection defects
  • Analysis of SAP system access
  • Support for SAP authorisation projects
Vulnerability Management Services
Permanent vulnerability checks and optimisation of the company’s own infrastructure are a must for every company to cope with the constantly changing threat landscape. We support you with vulnerability management – from the concept through implementation to the standardised managed service from our ISO/IEC 27001-certified Cyber Defence Center (CDC) in Baar.
With our wide range of vulnerability management services, our experts support you exactly where you need it.


Vulnerability-Management-Concept
Efficient and effective vulnerability management stands on a solid conceptual foundation.

24/7 external Vulnerability-Management-as-a-Service (eVUMA)
The external Vulnerability Management Service shows you your company from the attackers’ perspective. Our Cyber Defence Center security experts scan your perimeter infrastructure on a daily basis. As soon as a critical vulnerability emerges that is exposed to the Internet, we handle the risk assessment of the vulnerability on your behalf and proactively contact you. Our experts are then available to advise you on demand so that you can rectify the vulnerability quickly and effectively.
PAM | IAM

By using cloud services and personal devices (BYOD), users can access data from anywhere. As a result, access management (privileged access management PAM and identity & access management IAM) has shifted from a perimeter-based to an identity-centred approach. As such, identity governance & administration becomes a key function and a prerequisite for strategic security objectives such as:

  • Privileged Access Management
  • Identity & Access Management
  • Zero Trust security model
  • Need-to-Know principle
  • (Data Protection &) Security by Design
  • (Data Protection &) Security by Default

With our 360° view and our business-to-identity services, we support your endeavours from planning and operation through to compliance. Our process model enables effective and sustainable implementation of identity governance & administration. Success factors are a high level of automation and integration. We accompany you on the way to viable PAM & IAM solutions that are impressive in legal, technical and organisational terms.

Human-Centered
Security

People are a key factor in your cyber security, which is why security awareness is an important element of any cyber security strategy. Our security awareness specialists have many years of practical experience in sensitising employees to the specific risk and security-conscious handling of information in everyday business life. Targeted phishing and social engineering simulations can then be used to verify the effectiveness of awareness and increase employee sensitisation in the long term.
Awareness Concept & Program
Based on the existing guidelines and your specific needs, we develop a detailed security awareness concept, or rather a security awareness concept or program for you. This includes the most important core messages, an appropriate catalogue of measures and a target-oriented communication plan. Tried-and-tested training elements, state-of-the-art technologies and proven methods each guarantee successful implementation in equal measure.
Awareness-as-a-Service
Employees are being exposed to increasingly complex phishing and ransomware attacks, meaning that security awareness training is all the more important. However, awareness is not a one-off measure. Our Awareness-as-a-Service program helps you to overcome the dangers of social engineering, phishing and ransomware attacks with the help of security awareness training and targeted simulations, thereby increasing the security awareness of your employees in the long term.
Management Workshop
Effective information protection stands and falls with the active support of all company employees – including management! In a targeted workshop for your management team, participants are shown the current threat landscape using real examples and the associated business impact in a transparent and comprehensible way. However, it also looks at the regulatory requirements and what this means for your management team.
Awareness Show | Live Hacking
A tried-and-tested means of raising employee awareness and gaining their interest is to show how cyber criminals obtain confidential information and manipulate their victims. This form of information transfer has proved very successful and combines targeted knowledge transfer with entertaining communication elements.
Web-Based Training | E-Learning
Continuous engagement with issues around information security ensures that your employees develop an even greater awareness and intuitively behave correctly at all times. Your employees learn about the risks and correct behaviour, can clearly identify with the everyday situations shown within the eLearning tool and apply the circumstances to their own environment. Our eLearning training courses strengthen security awareness and help your employees protect valuable information and data.
Phishing Simulation
In the current threat landscape, phishing attacks are among the most successful types of attack that can lead to a company being compromised. Our phishing simulation provides a snapshot of employees’ awareness of phishing emails. Furthermore, suitable training content can be provided after clicking on the phishing link or registering on the fake website. The final report of the phishing simulation elaborates possible organisational and technical measures.
Social Engineering Simulation
Our physical social engineering simulation checks whether the physical and organisational security measures you’ve selected at your company locations are sufficient to prevent unauthorised access to office premises. Furthermore, whether the specified guidelines (e.g. clean desk policy, visitor badges, locking the screen) are implemented by employees is checked. This enables not only potential security gaps to be identified, but also, the general awareness of employees and their behaviour towards unknown persons can be verified.

Cyber Security
Assessments

Your business processes only work if the right information is always available in the right place at the right time. Confidentiality, integrity and availability of information play an important role here. Our independent and tailored cyber security assessment will show you which organisational, technical, personnel and legal vulnerabilities exist in your company and which improvement measures are expedient.

As part of our security analyses, our experienced and certified experts review your concepts, procedures, infrastructure, processes and organisational structures in accordance with various international security and industry guidelines. This gives you the certainty that the defined objectives are achieved in accordance with best practice and that undesirable events are prevented. The answers as to whether the existing measures are sensible and appropriate complete the safety checks.

Analysis on the CH revDSG & GDPR
Our data protection gap analysis is the ideal solution if you only want to have one specific aspect analysed in more detail. For example, all services commissioned by you in the context of which personal data is processed on your behalf or where the service providers have access to such data. Or you simply want to have the privacy policy of your website thoroughly checked to prevent possible warnings. Gap analysis is also the right tool here.
SWIFT (Society for Worldwide Interbank Financial Telecommunication) Assessment
Year after year, SWIFT tightens up the regulations for financial service providers. Not only are new SWIFT controls added, but Advisory is upgraded to Mandatory. And a problem for many companies is the one-year period within which the adjustments have to be made. What’s your situation? Our SWIFT assessment provides clarity.
Microsoft 365 Security Assessment
Do you want certainty over the cyber resilience of your “Microsoft 365 Cloud” environment? Our Microsoft 365 assessment answers this question with a detailed analysis of your Microsoft 365 configuration. You will also receive tailored recommendations for a secure and optimised configuration of your “Microsoft 365” infrastructure. Our experts check whether your systems comply with best practice approaches and create a strengths and weaknesses profile of your current settings.
Phishing Simulation
In the current threat landscape, phishing attacks are among the most successful types of attack that can lead to a company being compromised. Our phishing simulation provides a snapshot of employees’ awareness of phishing emails. Furthermore, suitable training content can be provided after clicking on the phishing link or registering on the fake website. The final report of the phishing simulation elaborates possible organisational and technical measures.
Social Engineering Audit
Our physical social engineering simulation checks whether the physical and organisational security measures you’ve selected at your company locations are sufficient to prevent unauthorised access to office premises. Furthermore, whether the specified guidelines (e.g. clean desk policy, visitor badges, locking the screen) are implemented by employees is checked. This enables not only potential security gaps to be identified, but also, the general awareness of employees and their behaviour towards unknown persons can be verified.
Incident Response Readiness Assessment
Our Incident Response Readiness Assessment uncovers potential risks and vulnerabilities in your current incident response strategy. The specific recommendations for action in the final report can be used to increase incident response maturity in a targeted manner. The results and recommended measures are presented and explained at a workshop.

Do you have any questions about our Security Consulting Services?

Please fill out the form to get in touch with our experts. We are happy to advise you.

TOP-CIRCLE

Cyber Defence & Incident Response

Cyberangriffe erkennen, abwehren und Handlungsfähigkeit wiederherstellen

Im InfoGuard Cyber Defence Center (CDC) in der Schweiz arbeiten über 80 hochqualifizierte Cyber Security Expert*innen und Analysten. Das CDC an unserem Standort in Baar ist ISO 27001 zertifiziert und ISAE 3000 Typ 2 überprüft. Es verfügt über ein mehrstufiges, physisches Sicherheitskonzept und die Sicherheitssysteme werden rund um die Uhr überwacht. Die vitalen, technischen Komponenten sind mehrfach ausgelegt und garantieren höchste Verfügbarkeit. Gleichzeitig erfüllen wir die strengen Vorgaben des Datenschutzes (DSG und EU DSGVO/GDPR) und die Richtlinien für den schweizerischen Finanzsektor.

Zudem wird sichergestellt, dass die Daten ausschliesslich beim Kunden oder in unseren redundanten Rechenzentren in der Schweiz gespeichert werden. InfoGuard ist BSI-qualifizierter APT-Response-Dienstleister, Mitglied bei FIRST (Global Forum of Incident Response and Security Teams) und agiert zudem als Incident Response-Partner und Schadensabwickler von führenden Versicherungen, Brokern und Schadensabwicklern, was den hohen Qualitätsstandard der Cyber Defence und Response Services unterstreicht.

Zudem wird sichergestellt, dass die Daten ausschliesslich beim Kunden oder in unseren redundanten Rechenzentren in der Schweiz gespeichert werden. InfoGuard ist BSI-qualifizierter APT-Response-Dienstleister, Mitglied bei FIRST (Global Forum of Incident Response and Security Teams) und agiert zudem als Incident Response-Partner und Schadensabwickler von führenden Versicherungen, Brokern und Schadensabwicklern, was den hohen Qualitätsstandard der Cyber Defence und Response Services unterstreicht.

Bei all unseren Kunden mit einem MDR-Service
konnten wir erfolgreich einen Business Impact durch Cyberangriffe verhindern.

infoguard-cyber-defence-center

Profitieren Sie von unserer langjährigen Erfahrung

24/7

Managed Detection &
Response Services aus unserem CDC in der Schweiz

80+

Experten in dedizierten SOC-, CSIRT- und Threat-Intelligence-Teams

12+

Jahre SOC-Erfahrung & Kompetenz

300+

Cyber Defence- & CSIRT-Kunden

4

Wochen für das strukturierte SOC-Onboarding

Hunderte
Incident-Response-Fälle
pro Jahr

BSI-qualifizierter APT-
Response-Dienstleister &
FIRST-Mitglied

Swiss 
SOC-Plattform

infoguard-cyber-defence-plattform

Cyber Defence Platform

InfoGuard Cyber Defence Plattform

Herzstück einer wirksamen 
und effektiven Cyber Defence

Die eigenentwickelte, hochskalierbare und On-Prem in der Schweiz betriebene InfoGuard Cyber Defence Platform bildet das Kernstück unserer Cyber Defence Services und basiert auf einer offenen XDR-Architektur.

Um sicherzustellen, dass wir Bedrohungen aus allen Blickwinkeln sehen, sammelt die Plattform Daten von Endgeräten, Netzwerken, IoT-/OT-Infrastrukturen, Cloudumgebungen und Identitäten.

Durch die Nutzung unterschiedlicher Erkennungsmethoden, einschliesslich Machine Learning, kann die Plattform schnell Anomalien und verdächtige Verhaltensweisen aufdecken und mit Erkenntnissen aus aktuellen Sicherheitsvorfällen, simulierten Cyberattacken und Threat-Intelligence-Feeds anreichern, um unsere Analystenteams zu unterstützen. Dank der Schwarmintelligenz von Hunderten Kunden, täglich Tausenden von Sicherheitsereignissen und hunderten IR-Fällen ist der bestmögliche Schutz und die schnellstmögliche Reaktion garantiert.

Durch die Nutzung unterschiedlicher Erkennungsmethoden, einschliesslich Machine Learning, kann die Plattform schnell Anomalien und verdächtige Verhaltensweisen aufdecken und mit Erkenntnissen aus aktuellen Sicherheitsvorfällen, simulierten Cyberattacken und Threat-Intelligence-Feeds anreichern, um unsere Analystenteams zu unterstützen. Dank der Schwarmintelligenz von Hunderten Kunden, täglich Tausenden von Sicherheitsereignissen und hunderten IR-Fällen ist der bestmögliche Schutz und die schnellstmögliche Reaktion garantiert.

Die Plattform bietet umfassende Transparenz und arbeitet nahtlos mit Ihrem bestehenden Technologie-Stack zusammen. Dies minimiert das Onboarding und eliminiert die Herstellerabhängigkeit. Zudem ist sichergestellt, dass sensitive Kundendaten jederzeit geschützt sind und ausschliesslich in unserem Data Center in der Schweiz gespeichert werden.