Deutsch (DE-CH-AT)English (United Kingdom)
  • How can attacks be avoided?

    ✓ Ensure essential controls are met
    ✓ Find, track, and assess data
    ✓ Monitor event logs

  • What do attacks have in


    75% were not discovered
    83% were not highly difficult
    87% were avoidable

  • How do breaches occur?


    62% system error
    59% hacking and intrusions
    31% incorporated malicious code
    22% exploited a vulnerability
    15% physical threats

  • Who is behind data breaches?


    73% resulted from external sources
    18% were caused by insiders
    39% implicated business partners




Home Consulting Risk Management
Risk Management & Emergency Planning

Increasingly higher statutory and supervisory requirements are being set for company security. Standards such as Basel II, which requires functioning IT security management as part of company risk management, is only the start of the provisions to follow in the future. In principle, the structure of company processes and arrangements should be left to the companies to decide at their responsibility the security measures necessary. First the confrontation with a serious incident using the precautions taken brings around a possible review of the legislation. It is of no importance thereby, whether processes or whole departments are relocated to other companies. Liable in this case is solely the director or management, if the IT department cannot be proved to have committed any errors. In order that it doesn't come to such an uproar, it is worth having the existing processes and infrastructures tested and evaluated through external service providers. The aim of adequately protecting company data must be the highest priority. This provides us with the task of building up IT baseline protection consisting of organisational, personnel and technical measures via all IT components. IT components particularly requiring protection must also be secured with additional security measures. It is a challenge to achieve such adequate protection with an economically justifiable input. IT risk management is the continual exercise of the company, to systematically plan, implement and control an adequate level of IT security.

Our company has set itself the objective of supporting you in the following four phases:

Phase 1: identification of the components to be protected

Starting with business processes, the critical components are identified. They are divided into applications, systems and infrastructure and externally or internally operated. On the basis of this classification, the further procedures concerning the necessary IT security provisions are defined.

Phase 2: Conducting the analysis of protection requirement

The identified components are subjected to standardised protection requirement analysis. The following points are hereby considere:
  • How probable is damage to the components?
  • What is the procedure in the event of failure?
  • How necessary is each viewed component?
  • does the data exchange between individual components and as how critical should these be classified?

Phase 3: Setting up comprehensive IT baseline security

In this step, the identified components are collected into groups of equal priority and provided with IT security measures, which can be either technical or organisational. The description of the provisions on IT baseline protection is linked.

Phase 4: Emergency planning

This steps builds on the findings of the protection requirement analysis. If the availability requirement exceeds a limit to be defined, we design procedures of how you should act in an emergency. This is equivalent to a business continuation plan for processes and applications or a new start plan for the systems.

A risk management project with the originating procedures and documentation can only exist in everyday life if this process is continually lived. Repeated exercises such as tests, updating and assessment must be executed with the same diligence as the first four phases. It could be expensive if a crisis is wrongly reacted to or a new system is not contained in the emergency handbook. We want our services to offer you adequate assistance, to find the correct solution for you. We hereby support you in data collection, evaluation, and selection of the correct management application.

We are looking forward to meeting your challenge.

Quick Links

A one day security check for your infrastructure.

IP Vulnerability Scan

Attacks on your external systems to determine potential risks.