Branchen Icon


The transport sector is subject to a number of legal security requirements formulated by the IT Security Act. The BSI-KritisV specifies threshold values when a company is to be regarded as a critical infrastructure. For example, the threshold for passenger airports is 20,000,000 passengers per year. Public transport companies with a value of 125,000,000 passengers per year or more are considered critical infrastructure.

We support various divisions in the transport sector in meeting legal requirements. Regular security and risk assessments are not only prescribed by the ISMS policy, but also monitor operational IT security and increase the actual security level.

The projects we have managed and successfully implemented include airports, shipping and road transport as well as rail transport and logistics in the retail sector.

Our solutions for companies in the transport sector:

  • ISMS structure according to DIN ISO/IEC 27001:2015
    • Organizational and technical gap analyses
    • Creation of security guidelines, processes and procedures
    • ISMS implementation at organizational level according to ISO/IEC 27001:2013 and the BSI-100 series (basic protection)
    • Security concepts / controls according to ISO/IEC 27002:2013 and ISO/IEC TR 27019:2013
  • ISMS operationalization
    • We implement the organisational measures from the security management (e. g. ISMS) in a technically effective manner.
  • ISO/IEC 27001-Certification support
  • Implementation and support for secure operation of centrally controlled basic services (malware prevention / antivirus, patch management, directory services / Active Directory, backup and recovery, security monitoring and account management)
  • Integrated IT security concept (ICS Security Guideline)
  • Network security
    • To increase security, we optimize your network by reducing complexity, increasing reliability through redundancy and coupling networks with network segmentation
    • Protection of remote control access for own service employees and third party access
  •  System hardening
    • System hardening of all systems leads to a minimization of the attack vectors
  • Security Monitoring for the earliest possible detection and elimination of problems
  • Incident Response
    • Establishment of an Incident Response Team (CSIRT/CERT)
    • Establishment of a Security Operating Center (SOC)
  • We take over the incident response for you with our CSIRT.
    • The CSIRT service is provided 24/7 and covers all technical, organizational and procedural aspects.
    • A high degree of specialization in different technologies enables a wide range of applications. It goes without saying that standardized procedures and methods are used. More than that: We help shape the standards around the Digital Evidence Process.
  • Physical security
    • Physical evaluation and auditing of your infrastructures
    • The upgrading, planning and realization of data center and technical rooms
    • We support companies and organizations with the goal of data center certification
    • Another focus is the intelligent video monitoring of downstream alarms
    • In order to guarantee holistic security of physical infrastructures, the trade interfaces are designed and coordinated as a whole
  • Risk management
    • Risk assessments taking into account the results of the security tests, the company risk strategy and the core business processes
    • Integration of IT risk management into corporate risk management
    • Technical ICS audits with regard to the safeguarding measures of the control systems

Your contact person

Ihr Ansprechpartner

Manfred Peine

Senior account manager
Tel. +49 2173 20363-0

Reference projects

  • Technical security test
    • German seaport
  • Creation of Protection Profiles
    • German Rail
  • Consulting for implementation of B3S Traffic
    • German metropolis (KRITIS)

more reference projects...

Committee work

  • Working group 713.3.5 (Establishment B3S traffic)
    • DKE
  • ISO IEC JTC1 SC27 (WG3 and WG4)
    • ISO
  • Mirror committee NA 043-01-27
    • DIN

more committee work...


  • The benefits of a safety test for process control technology
    • Westermo Solution Days - Roadshow
    • Feb 2016
  • Consistent security management with the help of central services
    • IT security requirements for the energy industry
    • May 2014
  • Technical tests for ICS systems
    • 14. German IT Security Congress
    • May 2015

more lectures...


  • Consistent security management with the help of central services
    • SPS IPC Drives Kongress
    • Nov 2012
  • Hazard situation and safety of pump stations in open pit mining operations
    • a+s
    • Feb 2012
  • Information Security for Energy Automation Systems
    • EW
    • Sep 2009

more publications...