Cyber security

The world of business and authorities has changed dramatically in recent years. As a result of increasing cross-linking and automation of processes, new and complex challenges constantly arise. Apart from traditional management tasks, safety and risk management have increasingly come to the fore in the daily management of companies and authorities.

Based on proven methods and standards, IABG offers organisations instruments to manage financial, technological and business-related risks and thus secure entrepreneurial success on a long-term basis. Among these tools are:

Cyber security & defence, Management of information and IT security

Security and reliability of information technology systems are decisive when generating competitive advantages and creating value. Transparent and adaptive security and risk management systems are crucial for performance-boosting decision and management structures. Comprehensive and organisation-wide information security requires a holistic view of dynamic and complex changes in society – from public institutions, defence, up to businesses – with an ever increasing ICT dependency.

Our portfolio:

  • Introduction of Information Security Management Systems (ISMS) in line with ISO 27001
  • Preparation of guidelines on information security and IT security policy
  • Development of strategies and plans to protect network infrastructures and information (KRITIS / CIP, CIIP)
  • Threat and dependency analyses (ICT dependencies, sourcing, SLA management)
  • Organisational development as well as governance, risk management, and compliance management guidelines
    • Development of governance, as well as of a strategic and operative risk policy
    • Definition of company-specific targets and risk maps, selection of relevant control standards
    • Definition of adequate assessment procedures, control strategies and instruments
    • Determination of adequate approaches to test and ensure risk management and compliance efficiency (IT audit, ICS)
    • Definition of a corporate target-risk reporting scheme
  • Innovation management for convergence issues (eMobility, smart energy, mobile business)
  • Studies and accompanying research on safety & security issues

 

Protection of vital infrastructures

Protection of vital infrastructures and BOS digital radio security management

IABG has consulted and supported customers in the sector of protection of critical / vital infrastructures in national and international context for many years. Only a holistic approach meets the diverse and interlinked requirements of critical infrastructures – specifically focusing on ICT infrastructures – and the needs of all parties involved in their protection. IABG’s expertise extends to the operation of critical infrastructures, such as BOS digital radio systems.

Our portfolio:

  • Studies and dependency analyses to protect vital infrastructures
  • Extensive BOS digital radio security management
  • Preparation and operationalization of protection and specialist concepts, as well as guidelines (access, authorisation)
  • Emergency and continuity management (Business Continuity Management) in line with, among others, BSI 100-4 and BS 25999
  • Planning, execution and analysis of scenario-based exercises
  • Technical consulting on how to introduce system components for efficient operation
  • Development and integration of decision-supporting systems

    Functional safety, compliance and process quality

    Whether system integrators, solution providers, suppliers or OEMs in automation, transport / automotive, energy, avionics and logistics – IABG consults and supports numerous customers with regard to functional reliability and cyber security of complex networked embedded systems. We introduce processes in line with standards and directives (among others, IEC 61508, IEC 61511, ISO 26262) and ensure compliance. These measures are accompanied by security, risk and criticality analyses to generate an optimum level of system integrity.

    Our portfolio:

    • Management and assessment of functional safety issues (FSM)
    • Consulting and criticality analyses on cyber physical systems / embedded systems
    • Functional safety concepts, assessments and audits (ISO 15504, IEC 61508 / ISO 26262)
    • Determination of safety levels (SIL and/or ASIL)
    • Assessment and optimisation of process quality
      based on maturity models (CMMI, ISO 15504, among others)
    • Safety & security manuals for industrial application
    • Independent validation, qualification and verification (V model XT, etc.)
    • Software requirement management and evaluation, safety compliance
    • Risk reduction and securing the safety life cycle
    • Implementation of safety processes:
      • Automotive (IEC 61508, ISO 26262)
      • Aerospace (e. g., DO 178B)
      • Defence (e. g., MIL STD 882)

    Risk analyses and IT security concepts in line with ISO 27001 on the basis of BSI IT baseline protection principles

    IABG links security to compliance with legislative requirements, the continuity of operation of network infrastructures, the proactive protection of intellectual property and the prevention of industrial espionage. Only businesses that recognize the risks in their IT sectors and processes and have effective risk management in place can prevent economic loss.

    We audit and assess IT processes, IT systems and networks in line with standards acknowledged in Europe and worldwide. We provide tailored IT security concepts in line with BSI baseline protection principles.

    Our portfolio:

    • Risk analyses in line with BSI standard 100-3, ISO 27005, ISO 31000 (among others, for instance simulation of damage scenarios and damage distribution, quantitative calculation of probabilities of occurrence, risk correlations on process level, rating of IT clusters, Monte Carlo simulations)
    • IT security concepts in line with IT baseline protection BSI 100-2, ISO 27001/2 and ZDv 54/100 standards as well as system-specific security concepts (civil, military)
    • Individual high security IT baseline protection compliant components
    • Security checks and criticality analyses (FMEA, Hazop, etc.)
    • Tool-based revision of existing IT security concepts
    • Reports preparation and automation
    • IT baseline protection trainings and awareness campaigns
    • Selection and evaluation of tools

       

      Audits, IT security audits, crypto-inspections and security reports

      With its InfoCom division, IABG has been a renowned provider in the sector of information security among numerous key customers for many years and has successfully tackled the most diverse tasks. In addition to security management and the development of standard-compliant IT security concepts, BSI IT baseline protection-compliant audits and the analysis and assessment of vulnerabilities via targeted cyber-attacks are becoming more and more important.

      The German Federal Office for Information Security (BSI) officially certified IABG as an IT security provider within the scope of application of IS Revision and IS Consulting and as an accredited laboratory.

      Our portfolio:

      • consulting on and implementation of audits (targets: Auditor certificates “Einstiegsstufe” or “Aufbaustufe” and/or for the BSI certificate ISO 27001 on the basis of IT baseline protection principles)
      • implementation of IT security audits in line with the “guidelines for IT security audits on the basis of the BSI IT baseline protection” (e. g., compendious revision, cross-section revision, partial revision)
      • implementation and support of customer-specific audits, IT revisions and special audits (incl. additional security scans)
      • crypto-inspections and security audits

         

        Cyber security practices (Vulnerability analyses)

        IABG supports manufacturers in their development phases with the certification of their systems and products in line with the Common Criteria (CC) and technological directives (TR) of the BSI. We examine security measures with regard to their adequacy, effectiveness, completeness, conformity and compliance, as well as regarding the increasing vulnerability of systems (e.g., SCADA) and ICT networks.

        Secure data management, detection and monitoring, as well as classic protection measures for internal ICT networks are indispensable IT security tools and vital for the protection of critical infrastructures.

        Our portfolio:

        • cyber security & defence strategies as well as policy development
        • vulnerability analyses for ICT networks, administration and database management systems and many more
        • penetration tests, security scans, vulnerability analyses (GIAC certified)
        • examination of specific ICT network configurations (hardware, software)
        • in-development support in line with the Common Criteria and preparation of technical guidelines
        • analysis of human-processes-technologies
        • training and awareness initiatives
        • test management and tests
        • operation of Living Cyber Security Labs

           

          Crisis management, exercises and tools

          Government, business and society are repeatedly confronted with the question of what security risks can be regarded as tolerable despite the steps already taken and how they can be tackled. IABG consults its customers on these issues and provides extensive strategies for prevention and for crisis and disaster management. In addition, IABG supports crisis units and emergency task forces with the preparation, implementation and analysis of crisis and emergency exercises in line with human factors practices.

          Our portfolio:

          • threat analyses and crisis management / exercise support
          • staff qualification and training, crisis and error management
          • scenario and script development
          • tool-based implementation and evaluation of exercises (emergency task forces / crisis units)
          • human factors support, research and person-system-integration
          • observation and analysis for network enabled operations and complex processes/organisations
          • modelling and simulation (in line with proven standards, such as BS 25999, BSI 100-4, among others)
          • human behaviour representation, experimental analysis, personal assessment