Frequently Asked Questions
Does the monthly price include the handling of incidents, or are these additional costs for us?
The engagement includes the mitigation playbooks which are discussed during the setup. So the monthly price includes the incident handling for the 10 most critical threats within the context of your organisation.
Do you improve your threat analysis controls continuously during the engagement?
Yes, of course. This is part of our service.
How does your service work?
The basis is a structured analysis of your processes, IT components and networks. Together we identify your specific threats. Then we propose a set of logs which we manage and use for threat analysis. For the ten most critical threats we create appropriate mitigations in the form of playbooks. Apart from these playbooks, you benefit from playbooks that we have already created as part of our service.
COVID-19 and climate change are two examples of crises that affect everybody, and make everybody talk about disaster management and the need for strong systems to avoid the worst. Unfortunately it’s human nature to forget the bad times as soon as they are over, and turn back into the proverbial grasshopper who spends the good […]
Recently we gave a presentation at the annual Sernet conference, see video [in German] and the presentation. Sernet provides the most widely used ISMS tool in Germany. The software is based on a long open source history. Technologically it uses the Eclipse Rich Client Platform (RCP). Our contribution was an Add-on for Verinice (see […]
A good monitoring solution is essential for managing availability at enterprise level. So many organizations start with open source technology to visualize parameters. Grafana is often used, and there are many complementary pieces of software which together create a mature environment. This tends to influence security management as well. A customer required […]
For hardening you should use best practice in the form of the Center for Internet Security (CIS) benchmarks. Each benchmark contains a number of single atomic tests that are well described and discussed in the CIS expert community. Before a benchmark is finally published it runs through a defined quality assurance process which is kind […]
Transparency is one of our core values, and one of the basic principles of the GDPR. The ideal Users, by which we mean citizens, partners, clients and customers, have a right to know what is going on with their data. Ideally documentation should be provided in a clear, easy to understand format, reformatted for the […]
Not many companies expect to be hacked. Often it happens because their security controls don’t cover all of the possible business vulnerabilities, or the budget is invested in the wrong areas. Whether we are talking about penetration testing or auditing, a security engineer’s job is to reveal and deal with the unexpected. We are often […]
Some people don’t really like our name – it is a bit too much like we’re giving an order. Others are happy to have confirmed what they know is true. We were in Jerusalem, in early February on a very sunny day – if you come from Berlin, like we do, you would almost say […]