IT is our way
of solving your problem.
IT is Certitude
The targeted management of Information & Communication Technology (ICT) risks results in a clear competitive advantage. Together with you, we can exploit this potential for you and your company: Our services focus on the areas of IT security, information security, cyber-security, business continuity management and ICT risk and regulatory management.
IT Security Audits
A comprehensive audit of the technical architecture and the security measures as well as the IT processes necessary for secure operation gives you the big picture of your security level. On this basis, you can optimize your IT strategy for the long-term elimination of weak points and make the right adjustments to reduce risks in a cost-effective manner.
A penetration test simulates a technical hacker attack on certain systems or networks. It shows possible attack scenarios for impairing the protection goals by exploiting a combination of technical vulnerabilities. Our methodology is based on recognized standards, and we carry out our analyses using the black box, white box or gray box approach. The scope of a penetration test can be, for example, the internal network, systems accessible from the Internet or specific applications.
Source Code Reviews
The most precise form of a security analysis is the code review. Critical applications or application components are checked for vulnerabilities line by line. In addition to exploitable defects, this approach can also be used to identify problems that can become exploitable in the future with minor code or infrastructure changes. Certitude employs experts specializing in application security with a track record of identified vulnerabilities (CVEs) in products from well-known manufacturers.
Red Teaming simulates a hacker attack with technical and non-technical methods. The aim is to check the security of a company using a realistic cyber-attack simulation. The weakest links in the defense chain are identified, be it technology, human factors (social engineering), gaps in physical security or errors in processes and procedures.
Phishing is one of the most common entry vectors in companies and in some cases such attacks lead to the complete encryption of all company data. Technical measures are often not sufficiently effective against targeted phishing attacks, so the company's defense ultimately depends on the behavior of the individual employee. Our phishing simulations check exactly this necessary awareness of your users and make it measurable and transparent.
We are happy to make our high level of expertise and experience in the field of application security available to you in order to work out security concepts together with you, to develop measures and to implement necessary changes. In addition to technical aspects, we can also support you in improving your Secure Software Development Lifecycle (SSDLC) or DevSecOps process. With tried and tested concepts, a high level of automation through security tools and our experience with small and large software development teams, we can ensure an appropriate level of security even with agile software development and short deployment cycles.
The IT infrastructure of companies is usually diverse and contains different components and technologies. IT security must be considered everywhere, otherwise there may be exploitable vulnerabilities. Microsoft Active Directory and appropriate network security play a key role, but are by no means all of the infrastructure security building blocks that need to be considered. Maintaining the security of infrastructure over the long term is only possible with suitable operational and security processes. In addition to our expertise, our consultants also have experience in operations and can therefore support you with practical suggestions and concepts.
Cloud usage is steadily increasing for a variety of reasons. In many cases, it brings technical and operational advantages that ultimately lead to cost savings. When it comes to security, there are advantages and disadvantages, and you can only use security advantages and avoid risks as far as possible if concepts and processes are thought through at an early stage. Our experienced experts support you on your way to the cloud to ensure that security requirements are adequately taken into account.
Hardly any developer, architect or IT manager gets past Docker and containers. Containerization has changed the way software is developed, deployed, and operated. Microservices is the new paradigm. Many information security teams around the world are wondering what this means for corporate security. Certitude supports you in using these technologies safely and correctly integrating them into existing business processes.
The Information Security Management System (ISMS) ensures that the security and continuity goals for information and data processing processes are achieved and effectively maintained. A functioning and effective ISMS not only protects the confidentiality, availability and integrity of critical information, it also enables you to use protective measures efficiently to reduce potential damage to an acceptable level. The efficient establishment or expansion of an ISMS requires operational know-how and experience in the areas of information security, IT security, IT infrastructure and risk management. Put yourself in the safe, knowledgeable hands of Certitude consultants.
The General Data Protection Regulation of the European Union and the corresponding national data protection laws derived from this regulation have significantly increased the requirements for data protection and thus also for data security in the EU member states. Due to the large amount of personal data in various business processes, data protection plays a role in almost every area of an organization. The creation of data processing registers is therefore often difficult and time-consuming. The principles of the GDPR such as data avoidance, data economy and storage limitation often pose technical challenges. Certitude advises and supports you on your way to GDPR compliance to avoid legal or reputational risks.
IT Risk Management
Due to the growing importance and increasing complexity of information and communication technology (ICT), the management of ICT risks represents a clear competitive advantage. The supervisory authorities are also aware of the increasingly important opportunities and risks resulting from information and communication technology and are intensifying the relevant requirements due to the increased risk situation. Certitude supports you in the design, development and operation of your ICT & Security Risk Management with the aim of increasing the resistance to threats to your own information and communication systems and thus avoiding economic damage. Use our hands-on expertise and let Certitude consultants support you.
The Network and Information Security (NIS) directive was adopted by the EU parliament in 2016 to establish a high common level of security across critical sectors in the member states. In November 2022, the EU parliament adopted NIS2, which builds upon its predecessor with stricter security, reporting and enforcement obligations, as well as expanding the list of sectors which must comply. As a qualified body accredited by the federal Ministry of Internal Affairs (QuaSte), Certitude can advise and support you on your path to compliance with NIS standards.
Cyber-attacks on European companies and related damages are steadily increasing. Ransomware trojans have established themselves as a lucrative business area – but industrial espionage or hacktivism are also motives for criminals. Have you become the victim of such an attack? Do not hesitate to contact us immediately. Certitude’s approach is not only to support you in individual areas of cyber response, but also to take over the comprehensive coordination of the incident for you as a well-rehearsed team. A team made up of the various skills required for such an assignment will support you in the technical analysis of the attack, securing your systems to prevent further damage, the reconstruction of your infrastructure and information, the clarification of legal questions and the fulfillment of legal reporting obligations, communication with employees, customers, partners, suppliers, (regulatory) authorities, insurers and media and the negotiations with the attackers.