Cyber security

The increase in national and international cyber attacks shows that companies and public authorities are faced with the challenge of risk-based threat management and timely implementation of appropriate protective measures.


The risk of falling prey to a cyber attack has now become a major problem in our globally networked world. Apart from attacks on the so-called office IT, where most data thefts are perpetrated, over the past few years hackers' sights have also been trained on industrial production.

The sharp increase in networking and digitization in areas such as smart home, smart grids, autonomous driving, industry 4.0 and digital management means that constantly more targets will be open to attack in the future and this problem will have to be addressed accordingly.

And yet 70% of companies in the German-speaking region still do not have an adequate IT security staff. This is why it sometimes takes months before strategic cyber attacks are even discovered in the corporate network. The longer an attack remains undiscovered, usually the greater the damage done. Since it is impossible to achieve a one hundred percent security level, it is essential to detect attacks early, evaluate them and counter them with the right defensive measures.

Our experts help companies and public authorities alike to arm themselves better against cyber attacks and protect themselves effectively against data theft and loss as well as against financial damage.

ISMS and risk analysis

To achieve effective protection against cyber attacks you have to introduce and further develop an information security management system (ISMS). An ISMS encompasses technical, organisational as well as personnel aspects related to the successful provision of security measures. Operators of critical infrastructures are obliged by the IT Security Act to implement an ISMS.

 

Your added value

  • We perform risk analysis.

  • We provide you with an introduction and a concept to further develop your ISMS based on ISO 27000 native and in compliance with the IT baseline protection.

  • We draft tailored IT security concepts and plans of action for you.

  • As one of the very few IT security service providers certified by BSI (Federal Office for Information Security) we prepare audits and revisions for you or perform them for you.

  • We advise you on technical and organisational matters regarding information security.

Technical IT security

Protection against cyber attacks is achieved - among other things - by implementing measures and technical specifications of IT security concepts. Such concepts ensure that your IT is safe from attacks by

  • Appropriately segmenting your systems and services,

  • Implementing suitable security gateways like firewalls and data diodes,

  • Using cryptography to encrypt and authenticate information.

For early recognition of any other cyber attacks we recommend the deployment of sensors like virus walls, intrusion detection systems or honeypots.

Aside from the implementation of security solutions, the ongoing operation of those solutions is of great significance to their success. Regular updating as well as generating and administrating necessary codes and certificates via a PKI are decisive here. The information from the security sensors is compiled in a Security Operation Centre (SOC), which captures, processes, and evaluates the information by using a central Security Information and Event Management System (SIEM). Based on this information and partially supported by a Computer Emergency Response Team (CERT), specialists activate appropriate measures to counter cyber attacks. In this case, the SOC/CERT is either operated independently by yourself or it is provided as a managed security service by an external service provider.

 

Your added value

  • We draft technical and customer-specific security concepts.

  • We identify and evaluate security solutions.

  • We make recommendations regarding the operation of your security solutions.

  • We draft specifications and technical award documents for you.

  • We assist you with the expert choice and introduction of security solutions.

  • We perform threat analyses and verify security measures through penetration tests in selected areas.

Cybertraining

IABG Advanced Cyber Range

Preparing IT experts, users, and decision makers for different cyber attack scenarios is an essential measure to ensure the effective protection of your company and public authorities.

The “IABG Advanced Cyber Range” represents a realistic simulation environment with different threat scenarios, providing participants with practical experiences that facilitate new skills, knowledge, and hands-on expertise. “IABG Advanced Cyber Range” offers the opportunity of rapidly boosting your awareness for cyber security up to the highest level and of continually improving your capacities for detecting, evaluating, and combatting cyber attacks.

We simulate various tailored attack scenarios for you, such as

  • ransomware
  • phishing
  • SQL injection
  • vulnerabilities in the operating system
  • intrusion into IT systems.

Your added value

  • This training increases the awareness of and preparation for possible cyber attacks within your organisation.

  • We introduce your IT experts, administrative staff, and experts and management to the routines required to detect, evaluate and combat cyber attacks..

  • We enhance your company's defensive capabilities.

Cyber Defence

IABG • Your IT Partner for Defence

Digitization and networking are of strategic importance in the military environment. While the so-called Military Internet of Things provides a network for traditional IT systems, it also hosts an increasing amount of sensors and actuators that are present in every digital platform and weapon system. For economic reasons, more 'commercial off-the-shelf' (COTS) products are used, which do not precisely meet the specific requirements and needs of the military. This is why cyber attacks is continually increasing in this sector.

To achieve adequate cyber security during operations, comprehensive reinforcement is required for military platforms and weapon systems. Their effectiveness can be checked with penetration tests that reveal vulnerabilities, thus ensuring the correct risk analysis. In turn, the risk analysis serves as a basis for designing technical security measures to minimise the risk. Our approach successfully meets the challenge of implementing suitable measures for the vast number of embedded systems.

We advise you on the implementation of results from recent studies and research, the development of demos, and the reinforcement of platforms and weapon systems. We make sure that you receive a comprehensive overview of the cyber situation and provide the respective training programmes..

Your added value

  • We carry out F&T studies for cyber security.
  • We design and implement technical prototypes and demonstrators.
  • We advise you on the specification, awarding and implementation of technical security solutions for reinforcing platforms and weapon systems.
  • We assist you with an introduction to and further development of comprehensive overviews of the cyber situation.
  • We draft training concepts for you.
  • We increase cyber security awareness among your staff and train the troops for cyber security.

Our References (excerpt)

We provide our services in the cyber security sector to a vast number of public and private customers. For example, we support a German federal agency with the introduction, further development and operation of its information security management system (ISMS) according to ISO 27001 based on IT baseline security. In this context we also take on the role of central contact for everything to do with information security. We advise German federal state authorities on the continuous optimisation of their existing security architecture and in the design and setting up of a Security Operation Centre and a Computer Emergency Response Team. This encompasses the central collection, processing and evaluation of all the information from security sensors in an SIEM system.