scenario driven

We propose a risk scenario driven approach.

In a first information gathering meeting (or call) we generate an understanding what attack scenarios are to be assumed for your organisation.

Doing this allows to choose the exactly right service package for you.

Overpreparing puts effort where it is of no use – underpreparing means putting your organisation at risk.

So: choosing the right amount and type of protection is the first important step to your cyber security strategy.

Here you see a very rough categorization of scenarios so you get an idea. We get more detailed when talking together.

untargeted external

The “script kiddie scenario”: you dont expect to be an explicit target but you still expose services like web, mail, ftp to the public that might pop up when hackers do automated scans.

targeted external

In addition to the untargeted scenario you expect your organisation to be an explicit target for certain entities. In addition to automated scans individual attacs are to be expected

targeted internal

THe nature of your business demands to also assume an attacker that acts from the inside.

This might be due to stuff fluctuation or legal requirements. 

Services we provide

These are the service categories from which we will compile your individual service package.

Inventory

We generate an inventory of the devices and services you expose to the outside world. This will be the foundation of the scope of further cyber security activities

penetration test

We will attack the systems in scope individually. We go as far as we need to discover an attack vector – without your permission we will not exploit it – just document it

security scans

We do an extensive security scan on the systems in scope. Using a set of different tools we make sure to not miss anything.

training

We do cybersecurity awareness workshops for your general staff.

We can also train your IT staff in the specifics of cyber security.

 

What do you get

In any case you get a extensive documentation of our scope, findings, risk ratings and our suggestions.

All services can be run once or periodically.

If you leave your email below we will gladly send you a example report – so you know in advance what you will get.