IT security

Our responsibility for secure systems

Are there many systems running in your IT landscape that you or a service provider have developed? Do you need to make sure your confidential information is secure? Are you unable to make a final assessment of the risks and hazards in order to derive appropriate measures?

What we offer

  • Risk and hazard analysis
  • Intrusion Detection
  • Penetration Tests

Risk analysis

Based on an overview of your entire IT landscape, we go through common attack scenarios and quantify the possible damage as well as the probability of occurrence. Based on this risk analysis, we define alternative actions with a particular focus on critical systems.

In doing so, we analyze each relevant system in a structured manner for various security vulnerabilities, explain the risks and develop possible prevention measures:

  • An overview of all system components of your infrastructure (software and hardware) is created and sorted by risk. Depending on your needs, you can focus on network, cloud, or server management.
  • We work out which users interact with the system, what rights they have, or what damage they can cause. Solutions for appropriate user management and authentication for humans and machines (IIoT) are discussed.
  • We look at data storage and who has access to that data. Is the data protected from loss or manipulation? We will look at current encryption, backup and authorization solutions.
  • We then track the data transfer and whether the data would be visible or changeable by third parties. We discuss possibilities for end-to-end encryption.
  • We put together a collection of all interfaces that subsystems have with each other as well as with the outside world. We then test these specifically for weak points. All client systems, such as websites and mobile apps, are also examined.
  • The “Privacy by Design” concept is used to explain how to ensure privacy and data protection, proactively reducing the risk of data leakage.

Intrusion Detection

In addition to pure analysis, we can introduce suitable tools and processes for so-called intrusion detection: based on known attack vectors, irregularities that suggest potential security vulnerabilities and data leaks can be detected automatically at an early stage, so that a quick reaction is possible in an emergency.

Penetration Tests

In so-called penetration tests, we systematically and specifically try to gain access to the target systems with known or newly written exploits, in order to identify urgent security vulnerabilities.

The XITASO Difference

Secure software development

Our IT Security specialists, trained according to ICO ISMS 27001:2013, are themselves practicing software developers and DevOps experts. They know the possible vulnerabilities from their daily work with the program code. Conversely, IT security expertise on best practices flows into every IT solution we implement, under the keyword “Secure Software Development”.