Cyber Security

Our Services and Expertise

• BSI IT Baseline Protection and ISO 27001

  The introduction and continuous development of an Information Security Management System (ISMS) are essential for effective protection against cyberattacks. An ISMS includes technical, organizational and personnel security requirements. The IT Security Act requires operators of critical infrastructures to introduce an ISMS. We provide comprehensive advice – based on ISO 27001 and the proven BSI IT baseline protection – also with regard to the upcoming IT baseline protection++.

  IABG is a BSI-certified IT security service provider and an inspection body recognized by the BSI in accordance with DIN ISO/IEC 17025.

   

  Our services

  • Conducting risk analyses
  • Implementation, further development and operation of an ISMS based on ISO 27000 and BSI IT Baseline Protection
  • Development of IT security concepts and action plans
  • Preparation and execution of audits and reviews

• NIS2

  With the implementation of the NIS2 Directive, not only operators of critical infrastructures (KRITIS) but also particularly important and important facilities are affected by increased security obligations. Operators of critical infrastructures must demonstrate compliance with security measures every three years, while other entities must document their compliance and are subject to random checks. IABG supports you in meeting these requirements.

  Our services

  • Conducting risk analyses
  • Implementation, further development and operation of an ISMS based on ISO 27000 and BSI IT Baseline Protection
  • Development of IT security concepts and action plans
  • Preparation and execution of audits and reviews

   

• Security Operations

  Due to the increasing and widespread digitalization and networking of IT and OT infrastructure, new attack vectors are continuously emerging, such as phishing, ransomware, and Advanced Persistent Threats (APTs). The associated risk landscape, along with legal and regulatory requirements (e.g., the IT Security Act), necessitates a stronger focus on the detection, reporting, and management of security incidents related to a company's IT and OT infrastructure. This task is typically handled by a Security Operations Center (SOC).

  Our services

  As an independent service provider, we support you through:

  • Requirements analysis
  • Design
  • Procurement
  • Implementation
  • Operational phase of a SOC

• Technical IT Security

  Protection against cyberattacks is achieved, among other things, through the implementation of technical specifications and measures from IT security concepts. These measures include initially securing your IT against attacks through:

  • Meaningful segmentation of your systems and services
  • Use of appropriate security gateways such as firewalls, data diodes
  • Application of cryptography for the encryption and authentication of information

  To detect any remaining cyberattacks at an early stage, the additional use of sensors such as virus walls, intrusion detection systems or honeypots is recommended.

  Beyond implementing security solutions, their operation is of critical importance. Regular updates, as well as the generation and management of required keys and certificates through a Public Key Infrastructure (PKI), are essential. Information from security sensors is collected in a Security Operations Center (SOC) and centrally captured, processed and evaluated using a Security Information and Event Management (SIEM) system. Supported in part by a Computer Emergency Response Team (CERT), specialists use this information to initiate appropriate countermeasures during cyberattacks. A SOC/CERT can either be operated internally or provided as a Managed Security Service by a service provider.

  Our services

  • Development of technical and customer-specific security concepts
  • Identification and evaluation of security solutions
  • Recommendations for the operation of your security solutions
  • Preparation of service descriptions and technical procurement documents
  • Support for your procurement and implementation of security solutions
  • Conducting threat analyses
  • Verification of security measures through penetration testing in selected areas

• Cyber Defence

  Digitalization and networking are of strategic importance in the military environment. As the so-called Military Internet of Things, not only traditional IT systems are being networked, but increasingly also sensors and actuators, which can be found in large numbers in platforms and weapon systems. For economic reasons, more and more commercial off-the-shelf (COTS) products that are not tailored to the specific security requirements and needs of the military are being used for this purpose. As a result, there has been a sharp increase in cyber attacks in this area.

  Comprehensive hardening is required for platforms and weapon systems in order to achieve adequate cyber security in the field. Their effectiveness can be checked with the help of penetration tests. This allows vulnerabilities to be identified, which serve as the basis for a risk analysis. Based on this, technical security measures are taken to minimize the risk. A major challenge here is the implementation of suitable measures for the large number of embedded systems.

  We advise you on conducting studies, developing demos, hardening platforms and weapon systems, creating cyber situation pictures and designing training programs.

  You can find out more about our services in the field of cyber defense and resilience HERE.

   

• Additional Services: "Secure Digitalization"

  • Secure network architectures
  • Secure control centers and situation centers
  • Secure AI
  • Secure cloud and IT infrastructures
  • Secure satellite navigation
  • Secure collaboration platforms
  • Secure radio systems