Insentis Information Security Framework© - IISF
With our Insentis Information Security Framework©, we have developed a 360° view of effective measures so that information security generates real security and not just costs. We support you in selecting and applying the tools that are truly relevant to you.
360° measures before, during and after an incident
In the context of preventive measures, it is not enough to check off checklists; a diverse set of efficient tools is required. At the beginning there is the strategic decision to implement and certify an information security management system (ISMS).
We support you in the initial development of such a management system or audit and improve your existing ISMS. Likewise, we help you with the selection and application of the technical and organizational measures contained therein, such as:
- Establishment of risk management and implementation of risk assessments
- Raising security awareness among staff, up to and including top management
- Establishment of structured patch & vulnerability management
- Implementation of a central and comprehensive logging & monitoring system
- Establishment of Identity and Access Management (IAM) in accordance with the Principle of Least Privilege (PoLP)
- Derivation of technical and organizational measures for effective data loss prevention (DLP)
- Ensuring security in supplier relationships by embedding security requirements in contracts and conducting audits
- Establishing a monitoring and control system by defining and evaluating KPIs (key performance indicators)
- Introduction of an application security lifecycle
Furthermore, we complement your security portfolio specifically with effective operational measures such as:
- Support for security requirements engineering, threat modelling and development of secure architectures according to defense-in-depth principles
- Active execution of penetration testing and code reviews
- Hardening of the IT landscape according to security best practices and international standards (OWASP, CWE, CIS Benchmarks, STIG, Cloud Conformity)
- Introduction of DevSecOps & container security (Kubernetes, Docker)
- Improvement of cloud security according to zero trust principles
With a security portfolio specially adapted to your needs, we ensure the security of even your most complex applications. This includes, among others:
- Web applications and web services
- Mobile Apps (iOS, Android)
- IoT and Industrial Control Systems (ICS)
We include on-premise and cloud landscapes, for example:
- Google Cloud Platform (GCP)
In all our activities, the appropriateness and cost-effectiveness of the measures for your company have the highest priority.
There is no such thing as being 100% secure. Therefore, we help you prepare for the worst-case scenario with a diverse set of efficient reactive tools. Again, the first step is the strategic decision to implement and certify a Business Continuity Management System (BCMS).
We support you in the initial development of such a management system or audit and improve your existing BCMS based on ISO 22301 and BSI IT-Grundschutz.
We also advise you on the selection and application of the process-related measures contained therein, such as:
- Development of disaster recovery planning (DRP)
- Execution of Business Impact Analysis (BIA)
- Development of risk and crisis reference scenarios
- Creation of checklists, identification of quick wins and immediate actions
- Definition of escalation levels and responsibilities
- Identification of critical processes and applications
- Implementation of feedback processes and lessons learned according to the PDCA cycle
Incidents and especially crises require both increased resources and additional expertise for successful management by means of operational measures. We support you in the event of an incident with the following services:
- Incident response
- Execution of (court-admissible) forensic analysis in case of hacker attacks
- Identification of quick wins and defense measures
- Planning and monitoring of crisis simulations and exercises
- Execution of recovery testing
- Testing of backup systems, processes and applications
- Testing of system and application recovery
With a security portfolio tailored to your needs, we ensure that you can master even complex crises, such as:
- APT hacking attacks and malware infection
- Hardware and software failure
- IT process failure
- Building failure (e.g. fire & water damage)
- Communication failure (telephony, internet)
Here, too, the focus is always on the appropriateness and cost-effectiveness of the measures for your company.