Our Services

Structured around NIST CSF. Matched to your maturity level.

NIST CSF Core Functions:
Govern

Information Security Management System (ISMS)

Level 0 → 1
Conduct an inventory, propose a scope, document the current state in writing.
You know where you stand. A document describes the current state and includes an initial scope proposal.
Level 1 → 2
Formally define the scope and assign responsibilities – done together.
Your ISMS has a formal basic structure. Scope and roles are documented.
Level 2 → 3
Introduce standard controls: access management, patching, logging, backup testing, MFA. Facilitate management review.
Standard controls are in place and demonstrable. Management is involved.
Level 3 → 4
Develop metrics, support internal audits, build deviation handling, test controls for effectiveness.
Your ISMS is actively managed. Metrics show whether controls are working. Deviations are handled systematically.
Level 5
Threat modelling workshop. Risk and controls tailored to your critical core processes.
Your critical core processes have tailored controls that go beyond the standard.
Govern

Policies, Standards, Processes

Level 0 → 1
Develop an information security policy – the why. Define scope.
You have a policy that explains why you pursue information security and who it applies to.
Level 1 → 2
Identify the minimum set of required documents and create them together.
You have the policies you actually need – no more, no less. Suited to your organisation.
Level 2
Workshop: how do you write processes, standards, and work instructions yourselves?
Your staff can document processes and standards independently. You are self-sufficient.
Level 3
Review existing documents for currency, effectiveness, and gaps.
You know which documents are outdated, incomplete, or not being followed – and receive concrete recommendations.
Govern

Cyber Security Strategy

One-time service: develop a cyber security strategy. Identify core processes and critical dependencies.

You have clarity. A documented cyber security strategy shows where you stand, what needs protecting, and which next steps make sense.
Govern

Security on Demand

Level 3
Virtual security architect: vendor-neutral support for selecting security solutions. No implementation – just decision support.
You make an informed purchasing decision, free from vendor bias. A documented recommendation with reasoning.
Level 3
Virtual IR readiness retainer: regular review of the IR plan, keeping documentation current, sparring sessions for questions.
Your IR plan is always up to date. You have a dedicated contact for incident response questions.

No 24/7 coverage, no response-time SLA.

Level 4
Virtual security advisor: regular strategy sessions, current threat landscape translated into relevance for you. A sparring partner for decision-makers without a dedicated security lead.
Decision-makers have a reliable contact who translates security topics into business language.
Level 5
Virtual CISO: situation reports, progress measurement, prioritisation of open items, bridge between IT and senior management.
Information security is managed at executive level – even without an in-house CISO.
Identify

Domain Monitoring

Ongoing service: we monitor potential misuse of your domains and detect fraudulent registrations early.

You are notified before customers or partners fall for spoofed domains.
Identify

Patch / Update Monitoring

Level 1
Ongoing service: monitor security updates from relevant vendors and notify you of critical patches for your systems.
You no longer miss critical patches. Clear information about when action is needed.
Level 2
Ongoing service: in addition to Level 1 – contextualise what each patch means for your specific setup and how urgent it actually is.
You don't have to assess it yourself. You get a clear recommendation on whether to patch, and how quickly.
Identify

Logging Concepts and Data Sources

Level 0 → 1
Take stock of which systems produce logs and which of those are security-relevant.
You know what log sources you have. A documented overview as the foundation for all further steps.
Level 1 → 2
Develop a logging concept: which data sources, which formats, centralised collection.
You have a logging concept that defines what is logged, in what format, and where it lands.
Level 2 → 3
Support implementation – connect relevant sources, set up central collection, verify formats.
Your logging concept is implemented. Central log collection is running, relevant sources are connected.
Level 3 → 4
Review existing logging, close gaps, remove irrelevant sources, improve quality.
Your logging is optimised. Gaps are closed, log quality improved.
Detect

SIEM Rule Development

Level 2 → 3
Develop initial detection rules, tailored to available data sources and real threat scenarios. Proven rule sets as a base, adapted to your organisation.
Your SIEM detects the most relevant threats. You have a first working detection layer.
Level 3 → 4
Review existing rules, reduce false positives, identify gaps, improve coverage.
Your SIEM works more precisely. Less noise, more relevant alerts, better coverage.
Level 5
Threat modelling, develop complex correlation rules, introduce ML-based anomaly detection.
Your SIEM detects complex, multi-stage attacks. Anomalies are identified automatically.
Detect

Log Parsing

One-time service: your SIEM doesn't understand a log format? We write the parser.

Your SIEM processes the log format correctly. No data gaps from unreadable logs.
Respond

Incident Response Plan

Level 1 → 2
Develop a first IR plan: roles, escalation paths, communication plans.
You have a plan for when things go wrong. Everyone knows what to do when it counts.
Level 2 → 3
Expand the plan: playbooks for specific scenarios, severity classification, internal and external communication.
Your IR plan covers the most relevant scenarios. You have concrete playbooks instead of general instructions.
Level 3 → 4
Review the existing plan – check for currency, completeness, and clarity.
Your IR plan is current, complete, and understood by everyone involved.
Respond

Tabletop Exercises

Level 2 → 3
First tabletop with a straightforward scenario. Get to know the IR plan, uncover weaknesses in processes and communication.
You know whether your plan works in practice. Weaknesses are identified and documented.
Level 3 → 4
More complex scenarios involving multiple teams, time pressure, and realistic inject sequences.
Your team is prepared for complex incidents. Cross-team coordination works under pressure.
Level 4 → 5
Full crisis simulation involving senior management, external stakeholders, and a media simulation.
Your entire organisation is prepared for a crisis – from the SOC to the boardroom.
Respond

SOC Build-Out

Level 0 → 1
Orientation session: evaluate in-house vs. MSSP vs. hybrid.
You have a solid basis for deciding what your SOC journey looks like.
Level 1 → 2
Define roles, tools, and budget. Develop job descriptions and initial structures.
You have a solid basis for deciding how to build your SOC.
Level 2
Cyber security analyst training: how to use which tools.
Your cyber security analysts have a solid grounding in incident response.
Level 2 → 3
Define processes, create shift schedules, establish escalation paths, develop playbooks, support tool integration.
Your SOC operates in a structured way instead of ad hoc. Processes are defined and documented.
Level 3 → 4
Conduct a maturity assessment, define KPIs, measure MTTD/MTTR, build management reporting.
You know how well your SOC actually performs. Metrics show where improvement is needed.