Security Workshop
Determining the status quo together.
Holistic security analysis based on best practices
Maturity level measurement using attack simulations
Cyber Security Reference Stack: Scalable architecture for secure cloud and mobility
SECURITY FACTORY | IDENTIFY | SECURITY WORKSHOP
How are you set up in terms of security?
IT security is a complex topic. Technological (e.g. IoT, cloud transformation, big data, machine learning and OT) and regulatory requirements (e.g. GDPR) and threats are constantly increasing. Those responsible ask themselves whether their IT security is well positioned and want to have this checked and documented by an external specialist.
With the Security Workshop, Possehl Secure has developed a consulting service based on recognized standards and best practices. In addition to the many years of experience of Possehl Secure consultants from a wide variety of perspectives, CIS Critical Security Controls® , BSI guidelines and the NIST Cyber Security Framework were also included.
Workshop procedure
Interviews with key personnel
to collect relevant information
Review of configurations and documentation
Optional additional
Cyber Incident Simulation
e.g. Spear Phishing; Optional additional
Direct advice on requirements
already during the workshop
Prioritized results and recommendations
documented in a report
The workshop can focus on the following topics:
Infrastructure security
System and data security
Cloud security
(Industrial) Internet of Things / OT
Attack detection and defense
Identity, access and authorization management
Organizational security
Cyber Security Reference Stack
Possehl Secure has developed a blueprint based on current company requirements (mobile working, working from home, cloud transformation, etc.). The architecture of the Cyber Security Reference Stack enables a secure transformation to the cloud as well as secure mobile working (including home offices, secure modern workplace, conditional access, etc.) and thus offers a scalable and reliable foundation for the integration of modern IT applications and services (Microsoft Teams, integration of cloud-based AI technologies, etc.).
Based on the workshop, Possehl Secure checks whether the stack fits your requirements. An implementation plan is also drawn up. Possehl Secure can either train the company's staff or offer an integrated operating model in the form of a managed service.
Cyber Incident Simulation
The security of company resources can be tested using many methods: from classic Audits and Penetrationstests to Red-Team Assessments. These tests are excellent at determining the attack surface and vulnerability. However, different perspectives are required to test how resilient a company is against real campaigns that have occurred in the past. What happens if a targeted spear phishing campaign is successful? Are we vulnerable to the attackers' tools, tactics and procedures (TTPs)? These perspectives (offensive and defensive) can best be determined in a cyber incident simulation.
During workshops, Possehl Secure consultants simulate previously selected cyber incidents with different people on the client side. Using playbooks based on MITRE ATT@CK, existing security controls and processes are tested for effectiveness. A maturity assessment is carried out, including in the areas of prevention, detection and control. The client then receives a report in which the determined maturity level, weaknesses and measures are listed.