Information Security & Risk

Strategic innovation factor information security

The need to effectively protect information and data against loss, modification or theft is recognized by many companies as a core task of a successful digital transformation strategy. However, the identification and analysis of relevant security risks and the derivation of targeted and effective measures for risk management is a complex and cost-intensive process for many organizations: risks and opportunities of setting up a company-wide information security management system are closely related.

We bring in the expertise of our ISM consultants* in a flexible and task-oriented workshop- and coaching-based manner up to the complete long-term ISM on-site support.

Preserving digital skills even in the event of an IT crisis

The increasing complexity of networking, communication and IT technology continuously presents companies with new challenges in the field of IT emergency and IT crisis management. In addition, many industries are under increasing regulatory pressure to implement specific requirements for IT-related risk management. And the pressure to establish powerful and transformation-proof IT emergency management systems will continue to increase in the coming years.

AEQUITAS SENSUS supports medium-sized and large companies in developing, setting up and optimising business continuity management systems (BCMS) as well as IT emergency management on the basis of nationally and internationally established better-practice approaches such as ISO 22301, ISO/IEC 27031 and BSI Standard 100-4.

Effective data protection through holistic control

Against the background of constantly changing threat situations and continuously evolving legal foundations, maintaining effective and appropriate protection of personal data is no longer an isolated task for individuals. The risks for companies resulting from the processing of personal data are expanding comprehensively, especially through digital transformation, and can no longer be controlled by individual measures or technical partial solutions. Increasingly, data protection can only be ensured without restrictions by taking a holistic view of the complete life cycle of data and information.

With the original Integrated Security & Privacy Management Framework, AEQUITAS SENSUS offers medium-sized and large companies in all industries the effective and evidence-oriented possibility to efficiently combine data protection and information security and to fully understand, analyse, monitor and control the full life cycle of the processing of personal data.

More success in digitisation through effective treatment of cyber risks

The digital transformation creates a global and digital world. Broad and deep data and information networking creates enormous potential for improving performance and solving complex problems. However, cyber risks can make it difficult or even impossible for companies to exploit these advantages and opportunities for their own success.

AEQUITAS SENSUS develops cyber security models and addresses the necessary elements of an effective corporate strategy for cyber security. Based on the individual requirements and specifications of the company, governance, compliance and risk management are recorded and the coverage of these requirements by the existing control systems is analysed. Supported by the organisational and technical experience of AEQUITAS SENSUS' cyber experts, companies are enabled to make tailored and secure decisions on how to deal with cyber risks and thus improve their resistance to an expanding threat situation from the cyber space.

  1. 1

    Our consultants are familiar with the requirements for standard-compliant and effective control systems for information security. It goes without saying that program and project tasks can be implemented with accurate results, even against the background of reduced time frames and resource options. The IS experts at AEQUITAS SENSUS are familiar with the requirements of IT security and the Chief Information Security Officer (CISO) as well as those of executive boards and managing directors.

  2. 2
    Procedure model:

    AEQUITAS SENSUS is a partner for the development, construction and optimisation of control systems for information security (ISMS) in medium-sized and large companies in the trade, transport, manufacturing, logistics, food, energy and finance sectors. The ISMS is developed on the basis of the technical basis chosen by the client using the project-safe SENSUS methodology, which defines the necessary scope of implementation to achieve the correspondence to the chosen framework, starting from the initial analysis of the current situation on the process, procedure and technology level. The inclusion of the individual strategic, organisational and technical requirements of the companies is comprehensively ensured in all phases of implementation. Within the framework of SWOT analyses and goal-setting workshops carried out together with the client, the scope of the targeted ISMS is defined and directly linked to the corporate goals in order to enable long-term accuracy of fit and growth security of the ISMS, also with regard to functional and business management requirements.

  3. 3

    • Development and establishment of control systems for information security based on ISO/IEC 27001, BSI IT-Grundschutz or industry-specific or regulatory versions of ISO/IEC 27001
    • Optimization of control systems for information security (increasing maturity, preparation for certification)
    • Maturity analysis as part of the preparation for certification (GAP analysis)
    • Impact assessment of existing ISM procedures (quantitative, qualitative)
    • Implementation of training and information measures in the context of ISMS implementation
    • CISO-Advisory
    • Interim CISO
    • External Information Security Officer
    • ISMS extension to comply with § 8a BSIG (KRITIS, KritisV)
    • Suitable test within the meaning of § 8a BSIG for the provision of evidence to the Federal Office for Information Security (BSI)

  1. 1

    The AEQUITAS SENSUS BCM team supports companies in the design, development and optimisation of systems, procedures and methods for business continuity in emergency and crisis situations. Our ISO 22301-certified lead auditors and consultants offer extensive experience in the implementation of program or project-related BCM tasks.

    Irrespective of the size or industry affiliation of a company, the objective is always the cost-efficient and focused establishment of requirements, procedures and methods for the safe management of emergencies and crises that are precisely aligned with the company's objectives and existing legal, statutory or industry-specific regulations.

  2. 2
    Procedure model:

    In order to be able to cope with business threats with suitable organisational structures, processes, procedures and individually derived measures, AEQUITAS SENSUS has developed effective methods for testing, setting up and improving business continuity management systems (BCMS).

    Our experts are guided by technical better practices and professional project implementation procedures based on international standards. The current market conditions, regulatory requirements and developments relevant to the individual company as well as the control loops established within the framework of the existing control systems for corporate risks are used as the basis for the technical derivation of the control system to be established.

    The central criterion for success here is the integration of the organizational and technical areas relevant to the company in order to ensure that the necessary perspectives and requirements are fully covered. This requirement is realized by means of preparatory technical workshops (onsite, offsite, remote), the results of which are determined as a binding basis for implementation in the course of internal company consultations.

  3. 3

    • BCM Maturity Assessment
    • Design and implementation of business impact analyses
    • Conception and development of control systems for business continuation (BCMS)
    • Optimization of control systems for business continuation (BCMS)
    • Emergency and crisis simulations
    • Tests and exercises of organizational and technical procedures of business continuity and IT service continuity management
    • Implementation of BCM training courses and information events

  1. 1

    Every company that processes personal data has to face the specific risks and challenges that arise from it. Due to the existing legal basis and the rapidly changing threat situation in the area of cyber security, data protection risks are no longer downstream sub-risks: the successful management of data protection and data security pays directly to a core corporate risk.

    The development and establishment of an integrated control system for data protection and information security (or the supplementation of an existing ISMS with data protection-specific specifications, methods and procedures) offers the necessary holistic and integrated approach to meet the comprehensive requirements. The use of existing long-standing experience and knowledge based on best and better practices in the targeted and efficient design of control systems for information security, business continuity and IT risk management enables the specialists at AEQUITAS SENSUS to achieve the goal set by many companies with measurable success: Improving the effectiveness, measurability and cost efficiency of data protection and data security.

  2. 2
    Procedure model:

    The G

    The design and development of an integrated control system for data protection and information security is based on professional consulting and project management approaches. AEQUITAS SENSUS offers the necessary technical reliability through the many years of experience of its data protection and information security consulting team. Taking into account the relevant business and strategic criteria of the company, the existing processes, specifications, procedures and methods are analysed and the gaps with regard to the defined target image are determined in a comprehensible manner and the specific business risks resulting from this are pointed out.

    The technical implementation and operationalisation of the integrated control system for data protection and information security is carried out in an iterative and collaborative work process, in which the project team ensures the ongoing involvement of all relevant parts of the organisation. Comprehensibility, transparency and constructive feedback loops are self-evident implementation requirements.

    We also support you in the commissioning and further development of an integrated control system for data protection and information security. Information and training measures are just as much a part of the services provided by the AEQUITAS SENSUS team of experts as the standardised and procedurally reliable checking of maturity levels and defined performance parameters as part of the continuous improvement process.

  3. 3

    • Development of corporate strategy for data protection and information security
      (Enterprise Privacy Strategy)
    • Execution of stock situation analysis (GAP analysis)
    • Procedure-based impact assessment Inventory procedure
    • Development and construction of an integrated control system for data protection and information security based on ISO/IEC 27001 and extension ISO/IEC 27701
    • Development and setup of data protection-related control set based on COBIT 5
    • Training and information actions Integrated data protection

  1. 1

    The protection of information assets and the personal protection of a company's employees are ensured by the ability to respond quickly, purposefully and effectively to emerging cyber threats. Organisational and technical measures are improved in their efficiency and form the basis for ensuring the protection of even ambitious digitisation programmes through continuous optimisation.

  2. 2
    Procedure model:

    Effective measures to deal with cyber risks are based on the precise analysis and presentation of cyber risks relevant to the company. The risk situation can be assessed either independently by AEQUITAS SENSUS experts or as part of a joint assessment. The central result is the quantification of the identified risks and the reliable classification of the threat situation, also against the background of growth or transformation targets.

    Based on the results of the analysis, the company-specific cyber strategy is developed, the implementation of which addresses the relevant cyber risks for the company and is established with the aim of reducing the threat situation. The strategy formulation and implementation is usually carried out by developing comprehensible "Cyber RoadMaps" with immediate action guidelines, which enable a project-oriented realization of the security goals for the company.

    AEQUITAS SENSUS accompanies, supports or is responsible for the implementation of the cyber strategy defined by the company and also offers intensive support during the implementation phase regarding the need to update and adapt the planned or implemented measures against the background of current changes in the cyber threat situation.

  3. 3

    • Cyber risk analysis (identification and presentation of the actual situation)
    • Development of a company-specific strategy for dealing with cyber risks
    • Development of cyber roadmaps for strategy implementation
    • Review of organizational and technical control sets (effectiveness measurement)
    • Third Party Cyber Security Management Review
    • AEQUITAS SENSUS CyberRisk Assessment (internal controls)

WordPress Cookie Plugin by Real Cookie Banner