
Strategic Service Consulting offers comprehensive IT security consulting, enhancing information security and optimizing IT infrastructure. They provide tailored solutions, including security assessments, ISMS development, and process optimization, to ensure robust protection and efficient operations. Their approach integrates technology and best practices for maximum security.
Vendor
Serviceware
Information Security Consulting
Holistic IT security advice from the experts.
Security comes first
In an increasingly digitalized world, ensuring information security and maximizing the efficiency of information technology are vital for your company's success and sustainability. Serviceware comprehends the intricate and diverse challenges associated with managing and safeguarding your IT infrastructure. Our security consulting provides customized solutions to enhance your information security, streamline operational and security processes, and establish an optimal IT security architecture. Achieving effective asset protection involves leveraging technology and optimizing processes. Serviceware assists in developing tailored IT security concepts, specifying customized systems and processes, implementing information security management systems, assessing maturity levels, and conducting employee training to raise awareness.
Our approach
How to do it (security efficiency):
- Security Assessments: Validate the maturity level of your IT security
- Process Consulting: Use resilient processes to increase your security
What to do (effectiveness of security):
- Build an ISMS: Manage your risks by building an ISMS
- Security Strategy and Architecture: Specify your vision of a secure architecture
Security assessments
Your challenge:
- Limited awareness of the latest (technical) developments and best practices
- Excessive concentration on specific security aspects, often emphasizing the protection phase
- Uncertainty among management regarding the synergy of individual security initiatives
Our solution:
- Alignment with proven best practices, evaluated against the core functions of the NIST Cybersecurity Framework
- Evaluation of information security maturity and identification of existing gaps
- Formulation of action plans to rectify the identified gaps
Building an Information Security Management System (ISMS)
What is an Information Security Management System (ISMS)?
An ISMS is a framework comprising policies, procedures, processes, and technological measures designed to safeguard the confidentiality, integrity, and availability of information within an organization.
How do we support your ISMS?
Plan:
- Model the information network
- Collect and assess risks
- Specify and align security requirements
Implement:
- Develop guidelines and policies
- Ensure adequate monitoring and documentation
- Assist in the selection and integration of required tools (e.g., GRC, XDR, Zero-Trust Tool)
Optimize:
- Review the ISMS and compare it with best practice processes and architectures
- Update the ISMS in accordance with new standards (e.g., ISO 27001:2022, TISAX 6.0)
Process Consulting
Your challenge:
- Frequently, processes lack security considerations, resulting in vulnerabilities (e.g., users utilizing MS Office macros in everyday operations).
- Widespread security standards such as NIST, ISO, or BSI often lack explicit criteria for the quality and comprehensiveness of security processes.
- Initiatives involving tooling and outsourcing frequently suffer from a lack of well-defined requirements, diminishing negotiating leverage and elevating risks.
Our solution:
- Enhancing non-security processes: Identifying vulnerable processes and minimizing the attack surface (e.g., specifying that Office documents with macros should only be opened in secure environments).
- Refining security and core SOC processes: Identifying ambiguous responsibilities, processes (e.g., communication with the capital market), interfaces, and deriving tool requirements for the specified processes.
Security Strategy/Architecture
What is an IT Security Architecture?
An architectural approach integrates various perspectives (compliance, technology, business) and ensures comprehensive consideration of all key security aspects:
- People: What constitutes a CISO organization? What roles are essential, and what guidelines should be established?
- Processes: Which processes are pivotal, and how can they effectively support the technology in use?
- Technology: What technical capabilities are necessary, and how will we ensure seamless integration and complementarity of technologies?
How we support you:
- Specification of a robust IT security architecture
- Definition of required processes, capabilities, and applications
- Capability development from conceptualization to implementation
- Formulation of a long-term roadmap aligned with overall company objectives
Interim Chief Information Security Officer (CISO) and Trainings
Strategic Service Consulting also helps by providing training and interim Chief Information Security Officer (CISO) services to assist in establishing your Information Security Management System (ISMS).
Interim CISO
- Definition, introduction and monitoring of the IT security strategy and the ISMS
- Planning and implementing awareness campaigns
- Support in the selection process for a permanent CISO
Training
- Implementation of awareness training and campaigns
- Conducting CISO training for potential new CISOs
- Conducting security training for administrators