To consider and evaluate the current state of a system or system network regarding cyber security, it is necessary to consider possible threats.
INCYDE supports you in addressing possible threats based on national or international standards as well as our many years of experience. By selecting and evaluating the individual threats, a detailed picture of current and future risks can then be generated.
In order to identify and prioritize measures, a detailed examination of the risks is required. We support you on this path to manage investments in security in a result-oriented and efficient way.
The risk assessment is based on the respective current threat situation (see Threat Analysis) and includes measures already implemented or planned. Remaining risks are mitigated by implementing additional measures if acceptance of the risk is not possible.
With a focus on IT security for OT applications, we check the suitability of the test object for its intended use and the correct as well as complete implementation of the underlying requirements based on the documents submitted. For this purpose, we create the necessary validation plans as a basis and the validation report as a result of the examination of the subordinate test and inspection reports.
The strategy describes the procedure through the IT/OT project life cycle, starting with the choice of the project model and the setting of priorities considering your specific requirements, with a view to time, cost and quality factors.
We accompany you in the strategy process, develop decision options and recommend which direction is best for you.
Planning of tasks, communication with the stakeholders and the management of the project team are activities in which we support you. Whether agile process model, waterfall or V-model, our experts will get your project on track.
We accompany you through the entire project lifecycle, from requirements analysis and system specification to implementation and acceptance.
Quality Control & Testing
To ensure the complete fulfillment of IT security requirements from specification documents, we create subject-specific test plans and practically applicable as well as traceable test descriptions.
If required, we check existing test plans and procedures for practicability and completeness.
Business Continuity Management
In an emergency it is important to assess the situation quickly as well as correctly and to react appropriately.
We support you in identifying critical assets in a business continuity management system in advance, defining maximum tolerable downtimes and creating sufficient recovery plans. This ensures that in the event of cyberattacks, elementary business processes return to normal operation as quickly as possible and new attacks are prevented.
IT/OT Security Design
The design of a secure system architecture plays a decisive role in project implementation. The focus is on the fundamental IT security goals: resilience, availability, confidentiality, integrity, authenticity and non-repudiation.
Whether you want to secure an existing system or need a security concept and architecture for a new system implementation, we bring technology knowledge from numerous IT/OT projects and years of IT security know-how to implement your IT/OT security architecture and security specifications according to the principle of "security-by-design".
In addition to hardware and software security systems, awareness of employees is essential for a holistic security strategy.
In addition to our numerous IT/OT security awareness materials, we create individual security awareness trainings. This includes on-site as well as interactive online/video trainings and workshops. We are also happy to support the digitalization of your learning content on electronic learning platforms.
If an explicit expert opinion is required for normative or regulatory reasons, we evaluate the results of a previous validation as independent experts from the perspective of IT security. Among other things, we check validation plans and reports as well as their execution for correctness, completeness, and suitability.
An ISMS (Information Security Management System) is not an application or a piece of software. It describes the structure and implementation of a concept to ensure information security in the organization.
We support you in realizing processes, guidelines, and measures to increase the security level of your organization and to minimize security risks.
KRITIS Audit Support
Critical infrastructures (KRITIS) with systems of major importance to the community must be protected against failure. Through the IT Security Act (IT-Sicherheitsgesetz), the BSI requires proof in the form of the §8a audit every two years.
We guide you through the §8a audit to provide the necessary evidence of the measures taken to prevent failures and threats, while bringing your organization to a higher level of security.