Security- & Risk-Assessment

Security & Riskassessments Icon

Security- & Risk-Assessment

Security is measurable

Security testing is an important part within Security Management and monitors the operational security. On a technical basis, security testing is a significant pillar of the check-phase within the PDCA-control process, which serves to systemize the handling of security. These are prescribed by the ISMS policy and serve as proof of compliance. Even without ISMS, internal management may require proof of the current security level.

For manufacturers who want to guarantee a secure implementation for their components or if security is an acceptance criteria to be met, the principles Security by Design and by Default must be proven by a security test.

If you want to protect your assets operatively effectively, you can rely not only on your good feeling but also on the certainty that a security test offers you

Technologies and Scope

  • Industrial Control Systems (ICS)
  • Cyber Physical Systems (CPS / Industry 4.0)
  • (Web-)Applications
  • System- and Network level
  • PCI DSS

In order to determine and increase your security level optimally, we have a large number of different methodological tests ready for you. To ensure that all findings are reproducible, we carry out security tests on the basis of standards in accordance with the de facto standard "Open Source Security Testing Methodology Manual" (OSSTMM) and the Testing Guide of the "Open Web Application Security Project" (OWASP).  This gives our customers the greatest possible transparency - both in terms of our work and your IT security.

We deliberately distinguish security testing from penetration testing and ethical hacking in order to make valid and holistic statements about the actual status of your IT security. Our test methods are versatile and can be applied to all technologies and scopes.

Among other things, we offer classic tests for the system and network level as well as (web) applications. In addition, we also test specific systems and system environments such as Industrial Control Systems (ICS) or Cyber Physical Systems (CPS), as found in all areas of production and the energy industry. Alongside IT security, we also support you in the area of Operation Technology (OT).

Our tests not only provide proof of compliance for (for example) PCI DSS, but also of technical compliance for your ISMS. Our solution consists of an extended security assessment, which checks both the ISMS maturity and the effectiveness of the security controls as well as the process maturity according to CMMI.

Assessment-Types

  • Security Evaluation
  • Risk analysis
  • Technical security test
  • Physical Assessment
  • Threat Intelligence
  • Extended Technical Compliance

Your contact person

Ihr Ansprechpartner

Manfred Peine

Senior account manager
Tel. +49 2173 20363-0
Mail info-at-admeritia.de

Reference projects

  • Technical Gap Analysis
    • Various network operators Electricity/gas
  • Technical safety test infrastructure
    • Seapor
  • Detailed Risk Assessments
    • Chemical group

more reference projects...

Committee work

  • ISECOM-Board
    • ISECOM
  • Member US-Chapter
    • OWASP
  • ISO IEC JTC1 SC27 (WG3 and WG4)
    • ISO

more committee work...

Lectures

  • The benefits of a safety test for process control technology
    • Westermo Solution Days - Roadshow
    • Feb 2016
  • Recommended implementation of a Detailed Risk Assessment according to IEC 62443 - 2 - 1
    • VDI Automation
    • Jun 2015
  • IT security in production Weak points and incidents
    • ZVEI/BSI Forum
    • Nov 2013

more lectures...

Publications

  • Recommended implementation of a Detailed Risk Assessment according to IEC 62443 - 2 - 1
    • VDI Automation
    • Jun 2015
  • Technical tests for ICS systems
    • 14. German IT Security Congress
    • May 2015
  • The Next Step for BSI, ISO2700x & Co: Operational Security Management with the Open Source Security Testing Methodology Manual (OSSTMM)
    • IT + Business
    • Oct 2010

more publications...