Services: Security Coaching
Goal
Direct consultation and coaching in order to discuss, avoid, and restrict the formation of vulnerabilities in a project.
Initial Situation
The customer provides us with information about an imminent or current project. All available documentation about this project is provided (e.g. concepts, meeting minutes, etc.).
Approach
- Preparation: Collection of all available information about an upcoming task.
- Research: Collection of further information (e.g. experiences of other customers).
- Discussion: Discussion of the task and the resulting possibilities.
- Suggestions: Suggestion and documentation of a secure solution.
Result
First and foremost we provide direct support through concrete suggestions and solutions. A documentation is provided – in contrast to other services – only at the customer’s request.
Pros and Cons
Through our direct involvement in a project we are able to leverage our input in order to avoid serious errors and to achieve maximum security. Because security concerns are addressed from the beginning, vulnerabilities can be avoided from the start. This avoids costly testing and retroactive adjustments after the fact.
Reference Example
Security Coaching Security Implementation: After a serious incident, a large car manufacturer decided to completely revise the IT security structures and processes. We provided consultations and coaching from the initial concept phase to the implementation phase. For example, during the patch/hardening management process we developed our own model to assess objects and the resulting security measures (USO: Unified Security Object™) together with the client.
