Based on an overview of your entire IT landscape, we go through common attack scenarios and quantify the possible damage as well as the probability of occurrence. Based on this risk analysis, we define alternative actions with a particular focus on critical systems.
In doing so, we analyze each relevant system in a structured manner for various security vulnerabilities, explain the risks and develop possible prevention measures:
- An overview of all system components of your infrastructure (software and hardware) is created and sorted by risk. Depending on your needs, you can focus on network, cloud, or server management.
- We work out which users interact with the system, what rights they have, and what damage they can cause. Solutions for appropriate user management and authentication for humans and machines (IIoT) are discussed.
- We look at data storage and who has access to that data. Is the data protected from loss or manipulation? We look at current encryption, backup and authorization solutions.
- We then track the data transfer and check whether the data would be visible to or changeable by third parties. We discuss possibilities for end-to-end encryption.
- We put together a collection of all interfaces that subsystems have with each other as well as with the outside world. We then test these specifically for weak points. All client systems, such as websites and mobile apps, are also examined.
- The “Privacy by Design” concept is used to explain how to ensure privacy and data protection, proactively reducing the risk of data leakage.