Organisational Resilience Service

Taking organization, processes and the ecosystem into account.

Effective protection is not achieved through the most comprehensive technical solutions possible, but through integrative approaches that take both technical and organizational conditions into account. Based on the identification of critical infrastructure and the business impact analysis, concrete fields of action can be derived for securing infrastructure that requires protection.

Big Picture & Risk

Analysis of risks and derivation of technical and organizational fields of action

Know-how & Awareness

Ensuring the necessary skills

Organisation & Processes

Definition of processes, workflows and roles, e.g. in playbooks

ICT Foundation

Ensuring principles and minimum standards

Inventory & Assessment

As a basis for the targeted allocation of resources, critical infrastructure must be identified and its impact on operations analyzed. The need for protection can then be determined on the basis of risk categories. In doing so, we are guided by the NIST Cybersecurity Framework. Where appropriate, the Framework is supplemented by other recognized industry standards: the ICT minimum standard from the Swiss Federal Office for National Economic Supply (BWL), basic protection (100-2) from the German Federal Office for Information Security (BSI), and ISO 2700x.

Fields of action for protection and enablement

Based on the inventory, concrete fields of action are identified, allowing discussion of technical measures, rules, processes, metrics and organizational structures. Together, possible solutions are identified and evaluated, taking into account the circumstances of the respective organization. This ensures effective planning, implementation and control.