Frank Gerber
Cybercrime is big business. Even the smallest attack can cause enormous damage to your company's reputation, productivity and IT systems. You must be aware: any company or organization (from small businesses to multinationals), large or small, may one day become a victim. Be prepared and limit the damage: that is the message.
Through our IT & Controls Assurance experts, we offer you support in the following areas with our audit and assurance services:
Audits for Network and Operating System Security:
As part of our activities in the field of cyber security, we offer audits at a high technical level. Our experts are at your disposal for the following topics:
- Recording and detailed technical tests of concepts and measures for securing network infrastructures (including firewalls, intrusion detection system).
- Recording and detailed technical tests of concepts and measures for securing Windows-based server systems and Active Directory domains (including system configurations, access security, administration of user/group accounts, group policy objects, share/NTFS permissions, patch/update management).
- Recording and detailed technical examinations of concepts and measures for securing Unix/Linux-based server systems (including system configurations, administration of user/group accounts, file system security, NFS shares, system/network services, patch/update management).
Penetration test
We offer our clients penetration tests, which include a comprehensive security test of individual computers or networks regardless of their size. The penetration test uses security scanning software and tools that a potential attacker ("hacker") would use to penetrate a system without authorization.
The penetration test thus identifies weak weaknesses of the defined system against such attacks, which can then be closed in a targeted manner.
Testing of the IT security based on IDW PS 860 in conjunction IDW PH 860.2
The German Federal Office for Information Security (BSI) has recently published notes on the implementation of the criteria of § 8a para. 1 BSIG for the assessment of information security for operators of critical infrastructures. This catalog of requirements represents a specification of § 8a para. 1 BSIG by the BSI and contains, from the point of view of the IDW, suitable criteria for the proper testing of the security measures used in order to be able to provide the required test evidence to the BSI.
The IDW audit note "The audit of the measures to be implemented by operators of critical infrastructures according to § 8a para. 1 BSIG" (IDW PH 9.860.2) is based on this BSI requirements catalog. It specifies the application of the principles of IDW PS 860 with regard to the examination of critical infrastructure operators by the profession. From the point of view of the BSI, effectiveness tests according to IDW PH 9.860.2 are particularly suitable for providing the required audit evidence according to § 8a para. 3 BSIG.
Our specialists have project expertise in the execution of the so-called "§ 8a audits" and will be happy to support you.
Cybersecurity check based on IDW PS 860 PH 860.3
Cloud computing is characterized by a high degree of standardization of the service provided and the underlying IT systems and therefore requires a high degree of trust by the cloud customer in the cloud provider.
Our examinations are based on the IDW Auditing Notice IDW PH 9.860.3.
This IDW auditing notice: "The auditing of cloud services (IDW PH 9.860.3)" specifies the application of the principles of IDW PS 860 regarding the auditing of cloud services. For the Infrastructure as a Service (IaaS) service model, IDW PH 9.860.3 refers to the "Requirements Catalogue Cloud Computing (C5)" of the BSI. For the service models Platform as a Service (PaaS) and Software as a Service (SaaS), IDW PH 9.860.3 contains additional requirements.