References

Planning and execution of tabletop exercises on ransomware and an Active Directory compromise

Red teaming and architecture review with the goal of compromising the backup infrastructure and testing its resilience against a targeted attack

Brief assessment of the backup concept with a focus on ransomware resistance based on an interview and documents

Review of a ransomware protection by simulating an encryption Trojan

Acting as an external security analyst to bridge a shortage of staff in the SOC of an international tool manufacturer

Revision of a disaster recovery plan by conducting a workshop

Internal security scan as a countermeasure to a security incident

Carrying out a phishing awareness campaign across the entire workforce

Planning and holding a training course on IT forensic data protection and introduction to forensic analysis

Development of an incident response plan

Performing a simulated security incident to train the incident response team

External review of a catalog of fundamental measures for the long-term increase of information security

Conducting a two-part tabletop exercise to test the incident response team and incident response processes

Development of a "Security Operation Center" (SOC) operational model. For this purpose the requirements of all stakeholders were collected, evaluated and processed in several resulting documents: The developed role profiles were used to find suitable employees, the division into activities to be performed by the organization itself and activities to be performed by external parties served as a basis for the Managed Security Service Provider (MSSP) tender, and with the help of the identified risks and use cases the benefits of a SOC could be demonstrated to the management level.

Creation of around 24 incident response runbooks for various use cases for the Security Operation Center (SOC) of a cantonal IT department

Workshop to identify general security problems in IT and, if necessary, make recommendations for the solution of the security gaps. The goal was to get a second opinion on the current security measures.

Assist in the identification, planning and implementation of various information security initiatives: regularly chairing a cross-divisional information security committee, developing new processes, advising on various organizational and technical information security measures, etc.

Comparison of the ICT concept focusing on information security and SOC services with standards and best practices and development of additional requirements

Review of a SOC/CSIRT concept and use cases to prepare a SOC evaluation

Incident handling training & workshop