Security Checkup - Clear IT Security Assessment
Have you had little interaction with information security so far, but would like to take action and protect your company? Then our Information Security Checkup is just the thing for you! We have developed a standardized questionnaire that gives a quick impression of the maturity level of your information security.
It represents an efficient option for initial risk detection.
Maturity Analysis for SMEs & Start-ups
Target Audience of the Checkup
We offer the checkup to small and medium-sized enterprises in the DACH region to show, without obligation, their current maturity level and to give recommendations for action. This category also includes most scale-ups and start-ups!
The SME definition includes all companies with the following criteria:
- Number of employees: up to 249
- Annual turnover up to 50 million EUR
If your company is slightly above these thresholds, please contact us anyway. The SME definition serves as a guideline.
A security checkup is an essential tool for companies in all industries to systematically assess IT security and identify vulnerabilities early on. However, its application and requirements vary depending on the industry and the sensitivity of the data processed. A security checkup is also necessary in other sensitive areas such as banks, insurance companies, the healthcare sector, energy supply, or public administration.
As part of a maturity analysis, we look at all relevant security areas, from technology to organization to processes, in a structured way. In the analysis, we follow recognized standards such as ISO 27001 and BSI IT Baseline Protection and use standardized questionnaires as well as interviews with those responsible. The evaluation is based on maturity levels ranging from "unregulated" to "optimizing". The higher the maturity level, the more established and effective the security processes and risk management are.
A security checkup with maturity analysis provides you with a clear overview of strengths, weaknesses, and areas for development. The results are documented in a report, which forms the basis for an action plan to develop the security strategy in a targeted way.
Transparency about your IT security level
Classification into Protection Requirement Classes
The protection requirement determination assesses how critical certain information, systems, or processes are for your company. Classification is usually done in three protection requirement categories:
- Normal: Impairments are limited and manageable, financial damages remain tolerable, downtimes are acceptable.
- High: The impacts are substantial, such as significant financial losses, legal consequences, or severe disruption of business processes.
- Very high: The consequences are existential or catastrophic, such as massive data losses, damage to reputation, or harm to life and limb.
The protection requirement determination is carried out separately for each of the core values of confidentiality, integrity, and availability. For each category, we consider typical damage scenarios, such as financial damages, legal consequences, impairment of task fulfillment, or negative external impact. The protection requirement class determines the minimum security measures that are necessary.
With the combination of maturity rating and protection requirement classification, we achieve targeted prioritization: We primarily address critical vulnerabilities in areas with very high protection requirements.
What Is the Security Checkup Suitable For?
Securing the entire attack surface of an organization is becoming increasingly challenging due to the increased use of cloud systems, complex supply chains, and the steadily growing IT infrastructure of third-party providers.
Our Security Checkup aims to help quickly identify cyber risks and provide the basis for optimizing IT security.
The checkup essentially consists of questions taken from our extensive question catalog. We base them on BSI IT Baseline Protection or DIN/ISO 27001.
The condensed questionnaire for our checkup is designed to quickly and easily provide an initial snapshot of the current state of your information security.
The checkup is particularly well suited as a starting point and as a way of getting to know each other. You also come away with something in black and white that you can take into further discussions within your company to plan the next steps.
Range of Services for Cyber Security
Further Useful Services within the Scope of an IT Security Audit
- Penetration Test
Penetration tests are simulated attacks from external or internal sources to determine the security of web applications, apps, networks, and infrastructures and to uncover any vulnerabilities.
- Cloud Security
Due to the increasing complexity of cloud infrastructures, many services are misconfigured. We help you identify and eliminate misconfigurations and their effects.
- ISMS
The ISMS is intended to help make information available to management, customers, and employees. For this reason, a comprehensive ISMS concept includes various policies, processes, measures, and tools. They are all designed to help identify security gaps and bring them under control in case of emergency.
- Phishing Simulation
A spear-phishing simulation is used to improve your employees' ability to detect such attacks. We help you raise your employees' awareness and thus strengthen the last barrier.
Contact
Curious? Convinced? Interested?
Schedule a no-obligation initial consultation with one of our sales representatives. Use the following link to select an appointment:






