The digitalisation of companies proceeds apace, and with it the need for IT security, because the threat from cyber risks of all kinds is mounting on a significant scale. It is also becoming increasingly important for SMEs to defend themselves against such threats. In addition to the practical benefits, the company's compliance, i.e. the legally compliant behaviour of its executive bodies and governing institutions, is also a valuable good. Our aim is to produce smart, i.e. risk-orientated, economical and proportionate, solutions that are precisely tailored to your company.
In the field of information security, we provide support in the establishment, continuous testing and improvement of information security management systems (ISMS). We also advise clients on the specific implementation of legal requirements such as the NIS 2 Directive or the DORA. As an initial step, we offer to carry out an impact analysis. If your company is impacted, we then perform a gap analysis, from which recommendations for action and a project plan are derived. If desired, we can also support you as a reliable partner in the conception and realisation of your project, offering both our technical expertise and project management. In the area of IT security & cybersecurity, we offer a comprehensive range of security solutions with Certified Security Operations Center GmbH, a joint venture of dhpg IT-Services GmbH and TÜV TRUST IT GmbH Unternehmensgruppe TÜV AUSTRIA. Thanks to many years of experience and, above all, numerous projects carried out with medium-sized companies, we are able to provide not only expert support but also smart solutions that always keep one eye on cost-effectiveness in the implementation.
You won't hear us say: "it depends". Clear answers are our calling card. So you can properly weigh business opportunities and risks.
We see ourselves as your partner - through thick and thin. Positive collaboration as equals forms the basis for this. From one entrepreneur to another.
Advice without surprises. We have made this our maxim. That is why we always work on an interdisciplinary basis. So that you can make well-founded decisions while thinking outside the box.
Would you like to get together in a personal meeting? We would be glad to arrange an appointment with you – no strings attached – so we can get to know each other. We look forward to your call or e-mail and to hearing from you.
The pandemic made it painfully evident how complex supply and service relationships are today. Data is exchanged digitally between a wide variety of players and systems. Against this backdrop, it is important for companies to be mindful of their own IT infrastructure, IT applications and processes so that they can avoid the risk of IT systems failing or being damaged, or of non-compliance with data protection requirements. An information security management system renders all of this transparent. This enables companies to strengthen their own infrastructure and avert potential damage to their organisation. Moreover, an effective ISMS is now also mandatory for companies subject to NIS 2 or the DORA.
The objective of the NIS 2 Directive is to improve the security and resilience of critical infrastructures in the EU. It does this by introducing stricter security requirements and reporting obligations for operators of essential services and digital service providers. In view of the growing menace posed by cyber-attacks and the increasing dependence on digital infrastructures, a standardised and robust security strategy is required. NIS 2 ensures that organisations are able to take preventative measures and respond quickly and effectively in the event of an incident. In addition to the intrinsic motivation to be ready to ward off cyber-attacks, there is also the threat of considerable fines for non-compliance. Depending on the category, companies found to be non-compliant could face administrative fines of up to EUR 10 million or up to 2% of their previous year's global sales revenue.
The DORA is a new EU regulation aimed specifically at the financial sector in order to strengthen its digital resilience. As a so-called "lex specialis", i.e. a special law, the DORA takes precedence over NIS 2 as the general law. The regulation obliges affected companies to implement comprehensive security measures to protect their systems and data from cyber-threats. This includes regular testing, risk analyses and ensuring business continuity in the event of a cyber-attack. It should be emphasised that not only financial enterprises are affected, but also insurance brokers or rating agencies, for example. We recommend that affected companies first carry out a gap analysis to identify where there is still a need for action. Based on the gap analysis, we then draft a project plan together with the company while supporting the individual sub-projects with technical expertise. We also offer to assume complete project management, and we will be happy to proceed using agile project management methods.