Standards & Certifications

How do we define IT Security Consulting?

IT-Security Consulting
Our consulting approach focuses on improving technical IT security by addressing technical vulnerabilities with appropriate solutions to fix or minimize them. It is essential to identify these vulnerabilities as a preliminary measure to enhance IT security transparency, based on actions such as penetration tests, IT audits, and similar methods.

The core responsibility of the IT Security Consulting Team is to eliminate technical vulnerabilities and security gaps by collaboratively developing suitable solutions with our clients.
Organizational aspects such as policies, requirements, and processes are then to be considered as supplementary measures.
Our motto is to first reduce the entry risk through concrete measures, thereby proactively working on further ideas and possibilities related to security.

Information Security vs. IT Security Consulting

These two terms, information security and IT security consulting, are frequently interchanged or even misinterpreted as one and the same. But what exactly distinguishes them? Information security, which is governed by various standards in the industry, extends beyond IT security. It involves safeguarding valuable information of all kinds, often referred to as information assets or information values.

Information security encompasses various aspects, including physical documents and their disposal according to specific DIN standards, as well as personnel security to prevent incidents like those involving Unister's top management in 2018.

In IT-Security Consulting, the primary focus is on the security of IT systems and components, with other assets generally not being considered. The goal is to address only high-probability business risks, such as hacker attacks, data center fires, or smartphone losses due to theft.

ProSec supports you with our consulting services on both paths, whether it's in information security on the path to an Information Security Management System (ISO 27001 & BSI Basic Protection) or on the predominantly technical level with IT security consulting.

What sets us apart with our
IT Security Consulting?

In theory, a top-down approach is prescribed for IT security. However, from our practical experience, we find that a bottom-up approach is more appropriate. Why?

Security vulnerabilities as security risks typically arise not in concepts but in the implementation and the maintenance of the currency of the IT environment.

Improve the level of security with IT security consulting

That's exactly where we start – in the first step, to sustainably enhance a company's security level by addressing specific vulnerabilities. This provides us with the time to then collaboratively develop and implement concepts, processes, and guidelines effectively, based on real-world experience.

Our goal is to avoid toothless paper tigers and ensure that compliances work as they should. We prioritize pragmatism over bureaucracy.

ProSec IT security consultant during the audit

A cyber attack can impact not just your IT systems,
but also your financial health and your corporate reputation.

IT-Security Consulting

Focusing on protection against hacker attacks.

We identify suspicious activities and counter them with coordinated tools and, more importantly, expertise.

Bottom up without theory

Action and project plans are always based on "Vulnerability Detection Assessments" such as Penetration Tests or Vulnerability Scans.

From the practice for the practice

Through the combination of a bottom-up to top-down approach, we achieve high cost-effectiveness and avoid misinvestments in the Infosec field.

Real and honest feedback

We are transparent and expect the same from the customer

Trial period of 6 months

We often terminate customer contracts within the first 6 months because customers do not have a genuine interest in security. The termination clause is mutual, as we take our work seriously!

Workshop on Prioritization

Prioritization and approach are aligned together
with the creation of an action plan.

Agile processing

We use monthly iteration cycles (Sprints) to complete the defined amount of work.

Quarterly or semi-annual report

We create reports for middle and top management

Development of an information security management system

There are currently (as of January 2022) over 50 information security management systems on the market. All offer advantages and disadvantages and in the end all try the same thing - to create transparency in all risks for the respective target group of the system and to enable the company to sustainably increase and keep information security levels alive.

We basically support 3 ISMS systems:

ISO/IEC 27001 is a recognized international standard for information security management systems. It determines the requirements for the establishment, introduction, operation, monitoring, maintenance and improvement of a documented information security management system (ISMS).

The ProSec ISMS differs very easily from existing standards, we are not trying to reinvent the wheel, but consciously use all the controls from systems that have proven themselves and "mix" functioning components from all current but also upcoming systems and 100% transparent. This has the advantage that the effort involved in certifying various systems is lower and the ISMS remains generic and, above all, does not lose sight of the essentials. Minimize technical risks, validate them quickly and cyclically (based on the MGMT method "Lean Start-up") and transfer them sustainably to internal company processes.

Common mistake in practice

Many of our business partners, be it the federal government or medium-sized companies, repeatedly make the mistake of approaching the topic of information security TOP Down in the form of a management system (ISO/BSI, etc.). This always results in the fact that our Quality Assurance process shows that the theoretically constructed systems can unfortunately be certified in the end, but never really have protection against, for example, hacker attacks (checked by us using penetration tests) or are even capable of these attacks really qualified to recognize and then to react accordingly (see Incident Response).

After a penetration test, many of our business partners are sensitized and fall into actionism and an emotional compulsion to act. Unfortunately, this always results in significant failures and problems in IT. In addition, the thought arises that a penetration test, which usually leads to a complete takeover of the IT at ProSec within 8 test days, gives the impression that the solutions to the problems are just as quick and easy as our "hacks". This is a fallacy, because it is often exactly mirrored. The more hacks lead to success, the more fundamental the problems in IT are and the longer and more complex their solution is.

Please trust us here, because emotional activism and underestimating the topic leads to the wrong attitude in top management - "IT security is a top priority". 

Security Advisories