Organisational Resilience Service
Effective protection is not achieved through the most comprehensive technical solutions possible, but through integrative approaches that include technical and organizational conditions. Based on the identification of critical infrastructure and the business impact analysis, concrete fields of action can be derived for securing infrastructure that requires protection.
As a basis for the targeted allocation of resources, critical infrastructure must be identified and its impact on operations analyzed. The need for protection can then be determined on the basis of risk categories. In doing so, we are guided by the NIST Cybersecurity Framework. Where appropriate, the Framework is supplemented by other recognized industry standards (ICT minimum standard from the Swiss Federal Office for National Economic Supply (BWL), basic protection (100-2) from the German Federal Office for Information Security (BSI), ISO 2700x).
Based on the inventory, concrete fields of action are identified, allowing discussion of technical measures, rules, processes, metrics and organizational structures. Together, possible solutions are identified and evaluated, taking into account the circumstances of the respective organization. This ensures effective planning, implementation and control.
