References

Development of an incident response plan

Performing a simulated security incident to train the incident response team

External review of a catalog of fundamental measures for the long-term increase of information security

Conducting a two-part tabletop exercise to test the incident response team and incident response processes

Development of a "Security Operation Center" (SOC) operational model. For this purpose the requirements of all stakeholders were collected, evaluated and processed in several resulting documents: The developed role profiles were used to find suitable employees, the division into activities to be performed by the organization itself and activities to be performed by external parties served as a basis for the Managed Security Service Provider (MSSP) tender, and with the help of the identified risks and use cases the benefits of a SOC could be demonstrated to the management level.

Creation of around 24 incident response runbooks for various use cases for the Security Operation Center (SOC) of a cantonal IT department

Workshop to identify general security problems in IT and, if necessary, make recommendations for the solution of the security gaps. The goal was to get a second opinion on the current security measures.

Assist in the identification, planning and implementation of various information security initiatives: regularly chairing a cross-divisional information security committee, developing new processes, advising on various organizational and technical information security measures, etc.

Comparison of the ICT concept focusing on information security and SOC services with standards and best practices and development of additional requirements

Review of a SOC/CSIRT concept and use cases to prepare a SOC evaluation

Incident handling training & workshop

Incident response exercise (analysis of existing processes, definition of the roles to be part of the exercise, creation of the storybook, observation and evaluation of the all-day exercise with international participation, preparation of recommendations, various meetings)

Security scan of multiple networks with presentation of the results and two workshops regarding an IT security awareness program and incident response / forensics readiness

Digital forensic readiness audit

Digital forensics concept (incl. processes, check lists, tool and digital forensic readiness recommendations)

Company training: digital forensics (3 day training of the security team: legal and organizational aspects, briefing / preparation, forensic data acquisition (local and remote), data analysis, documentation, presentation / discussion, hardware and software, practical exercises, dos & don'ts, etc.)