Information Security Management

Cyber Security Assessment

Your organization is all set with its digital transformation plans, but after reading about ransomware like WannaCry and Petya, your confidence is shaken. You begin to worry whether there are similar security risks in your systems or in your plans for them.


Utilize our cyber security assessment to eliminate doubt and find out exactly where potential security risks lie within your IT landscape. Explore countermeasure options to close security gaps, while ensuring maximum business productivity.

 

Your IT landscape is constantly changing due to new requirements. With digitalization, business-critical elements are increasingly dependent on IT processes and infrastructure. It is therefore crucial that your IT systems are well protected to minimise security breaches.

 

Is your IT security lagging behind evolving threats? Where exactly are the security risks in your existing system?

 

Accurately assess your existing IT security today and begin enhancing your system's information security.

A neutral analysis of the current situation and appropriate measures help steel your IT systems against cyber attacks. We identify the main risks and review your existing security arrangements.

 

We then identify which risks would be better covered by an insurance policy and which can be handled in-house.

A cyber security assessment instills new risk awareness, allowing your organisation to better evaluate and implement countermeasures. When considering cyber security insurance, for instance, conducting an effective situation analysis and implementing appropriate measures will be crucial in identifying cost-effective products.

 

After the cyber security assessment, your organisation is better equipped to understand and therefore respond to IT security threats.

Our cyber security assessment is based on decades of experience in information security and IT security for both the public and private sectors. Following the assessment, we can help your organisation decide on specific measures, the planning, and the technical and organizational implementation.

 

As a result, your organisation receives all-round protection and enhanced clarity on how to protect valuable data from proliferating cyber threats.

Downloads

  • Cyber Security Assessment (PDF, 164 KB)



    Vulnerability Scan

    A vulnerability scan is a semi-automatic scan of IT systems to find known vulnerabilities. Such a scan needs to be adapted and configured based on the conditions encountered. The results of the scan are then analyzed in the context of the conditions.


    As the IT landscape is constantly changing and new vulnerabilities are discovered, it is recommended to perform vulnerability scans periodically and keep an eye on any changes in the results.


    The experts at AdNovum perform vulnerability scans for you, analyze and interpret the results, and keep track of the changes and progress in the results of periodic scans.

    Penetration Test

    In contrast to a vulnerability scan, a penetration test is mainly a manual examination of the security of your IT systems. In other words, it is a simulated attack by an experienced attacker. There are different types:

     

    Web applications are attractive targets for attackers as they are usually widespread and exposed. Software development departments or teams do not always pay the necessary attention to security, as other requirements are in focus. Such shortcomings should be identified with a penetration test.


    Web applications are usually accessible from the internet and can therefore be tested without further access provisioning. If a web application is only used in an internal network, appropriate access is needed to perform the tests.

     

    With increased mobility and the possibility to access services and applications through a mobile phone, mobile applications are becoming a more attractive target for attackers.


    To preempt the attackers, our experienced and knowledgeable employees test your mobile applications for the most common operating systems, such as iOS and Android.

     

    In a network or infrastructure penetration test, a defined IP range or network area is analyzed. The available services are identified and probed by trying to attack them.


    Target areas can be internal networks or systems that can be accessed from the internet.


    If internal networks are tested, it is necessary to receive the corresponding access rights to test the network and its services. In such a scenario, an attack by an employee or by an attacker who has already gained access to the internal network can be simulated.

     

    As with vulnerability scans, it is recommended to perform penetration tests periodically and keep an eye on the changes in the results.

     


    Development of policies, concepts and strategies

    Would you like to develop a clear strategy and concept for information security and define an information security policy for your employees, but are not sure where to start?


    AdNovum can help you develop ideas, create concepts and find the best ways to communicate policies and rules to your employees, external suppliers or partners.

    Development & Implementation of an ISMS - or advancement of your existing ISMS

    Nowadays everybody expects secure solutions. However, usability should not suffer from the implementation of security aspects. An Information Security Management System (ISMS) provides a holistic view of the information security risks of a company and possible measures to mitigate the risks. The level of security that should be achieved by a company can be controlled with a properly implemented ISMS.


    AdNovum can help you develop, implement and validate aspects of an ISMS to balance these two opposing requirements. Furthermore, we can support you by writing data-security concepts, preparing training for your employees or implementing business continuity management.


    «Information Security Officer» as a Service

    As an «Information Security Officer» we can support you in the following areas:

     

    • Maintenance and further development of the ISMS (Information Security Management System) according to ISO 27001/2
    • Performance of risk assessments and definition of appropriate measures
    • Definition of information security policies
    • Planning and support of the implementation of measures to improve the information security awareness of employees
    • Support for the planning and realization of various information security projects
    • Coordination of projects relevant to information security
    • Support for the implementation of an appropriate security architecture

    Standards

    Most of the time we use one of the commonly known standards:

    • BSI Baseline Protection
    • ISO/IEC 2700x
    • PCI DSS (Payment Card Industry Data Security Standard)
    • CIS Top 20 Critical Security Controls for Effective Cyber Defense
    • NIST Cyber Security Framework
    • COBIT 5 for Information Security

     

    However, depending on your needs and requirements, we also use other standards, such as industry-specific standards for ISO/IEC 27002, ISO/IEC 27799 for health informatics, ASVS (Application Security Verification Standard), MASVS (Mobile Application Security Verification Standard), OWASP Testing Guide, OWASP Mobile Testing Guide, CVSSv3, …

     


    Contact us – we are pleased to help!

    Did you not find the answers you were looking for? Do you have other IT and cyber security related questions or topics that you would like to discuss? Please do not hesitate to contact us!

    Peter Egli Principal IT Consultant

    Leo Huber Head of Security Solutions