Bredex

Information Security and IT Security

Why is Information Security so important for companies?

Information security is becoming increasingly important, especially in the face of increasing cybercrime. Security must be taken very seriously, otherwise the consequences will be unpredictable. Extortion, theft of personal or business data and the failure of IT services have major economic consequences. We therefore advise you comprehensively on all questions and issues relating to information security.

ISO 27001 Consultancy

Would you like to be certified according to ISO 27001 in the medium or long term? We support you in setting up an ISMS according to ISO 27001 and help you prepare for an audit.

The ISO 27001 standard describes the specific requirements for the establishment, implementation, maintenance and continuous improvement of the documented information security management system. This standard also specifies requirements for the assessment and treatment of information security risks, adapted to the individual needs of the organisation.

Cooperation Process

  1. Proposal and initial interview. We then create an offer and a possible project plan.
  2. We arrange the first dates for workshops and set up a Jour-Fixe.
  3. Gap analysis
  4. Development of potential management processes
  5. Development and monitoring of risk management
  6. Preparation and coordination of directives
  7. Project planning and management
  8. Conduct of internal audits
  9. Monitoring of external audits
  10. Individual examination of individual subject areas
  11. Sensitization

Establishment and Operation of an Information Security Management System (ISMS)

We support you in setting up and developing an ISMS ‒ up to certified information security.

With the help of an ISMS, the complex tasks of controlling safety-relevant processes in a dynamic environment of an organization are designed and presented in a user-friendly way. This increases the security level of an organisation, reduces risks and creates competitive advantages. Compliance with legal requirements as well as voluntary and/or prescribed safety standards is paramount.

Cooperation Process

  1. Request and initial interview. Afterwards, we will prepare an offer.
  2. Advice and support in setting up an ISMS
  3. Support during commissioning of the ISMS
  4. Annual monitoring
  5. Maintaining the ISMS

In order to optimally prepare our customers for information security and to implement compliance management in a comfortable and resource-saving manner, we are now cooperating with Akarion

Incident Response Management (IRM)

Do you need assistance in drawing up a plan to deal with hazards?

An incident response is the response of an organization to an IT security incident, such as a cyber attack.

With the help of Incident Response Management, organizational and technical measures are developed to best prevent and contain the incident in order to keep the damage as low as possible.

Cooperation Process

  1. Inquiry and initial interview. Afterwards, we will prepare an offer.
  2. Creation of an Incident Response Plan (IRP)
  3. Preparing for potential incidents
  4. Identification and containment of security incidents
  5. Advice on the recovery of affected systems
  6. Incident documentation and analysis
  7. Training

Social Engineering

Social engineering in information management

We would be pleased to explain the different types of social engineering to you in a personal interview and find the right product together with you.

Social engineering refers to the manipulation of people to gain confidential information or access to certain resources. The term refers to techniques by which attackers exploit human vulnerabilities such as curiosity, greed or trust. Social engineering can be done in different ways, such as phishing emails or personal contact with a victim. In order to protect yourself, it is important to be attentive and sceptical and not to pass on confidential information without verifying its authenticity.

We offer, among others, the following services

  • Phishing
  • Spear Phishing
  • Voice Phishing
  • Smishing
  • USB-Dropping
  • Physical Intrusion Test
  • Training / Awareness Raising
  • and many more…

Our company and our departments are certified and awarded.