IT is our way of solving your problem.
IT is Certitude
OUR SERVICES
The targeted management of Information & Communication Technology (ICT) risks results in a clear competitive advantage. Together with you, we exploit this potential for you and your company. Our services focus on IT security, information security, cyber security, business continuity management, and ICT risk and regulatory management.
Security Assessments
IT Security Audits
A comprehensive audit of the technical architecture, the security measures and the IT processes necessary for secure operation gives you a big-picture view of your security level. On this basis, you can optimize your IT strategy for the long-term elimination of weak points and turn the right screws to reduce risks cost-effectively.
Penetration Tests
A penetration test simulates a technical hacker attack on specific systems or networks. It shows possible attack scenarios in which a combination of technical vulnerabilities is exploited to compromise the protection goals. Our methodology is based on recognized standards, and we carry out our analyses using the black box, white box or gray box approach. The scope of a penetration test can be, for example, the internal network, systems accessible from the Internet or specific applications.
Source Code Reviews
The most precise form of security analysis is the code review. Critical applications or application components are checked for vulnerabilities line by line. In addition to exploitable defects, this approach also identifies problems that could become exploitable in the future through minor code or infrastructure changes. Certitude employs experts specializing in application security with a track record of identified vulnerabilities (CVEs) in products from well-known manufacturers.
Red Teaming
Red Teaming simulates a hacker attack using technical and non-technical methods. The aim is to check the security of a company with a realistic cyber-attack simulation. The weakest links in the defense chain are identified, be it technology, human factors (social engineering), gaps in physical security or errors in processes and procedures.
Phishing Simulations
Phishing is one of the most common entry vectors into companies, and in some cases such attacks lead to the complete encryption of all company data. Technical measures are often not sufficiently effective against targeted phishing attacks, so the company's defense ultimately depends on the behavior of the individual employee. Our phishing simulations check exactly this necessary awareness of your users and make it measurable and transparent.
NIS Audits
The Network and Information Security (NIS) Directive was adopted by the European Parliament in 2016 to establish a high common level of security for critical sectors in the Member States. In November 2022, the European Parliament adopted NIS2, which builds on its predecessor and includes stricter security, reporting, and enforcement obligations, as well as an expansion of the list of sectors that must comply with these requirements. As a qualified body (QuaSte) accredited by the German Federal Ministry of the Interior (BMI), Certitude can support you on your path to NIS compliance or conduct required audits.
Security Engineering
Application Security
We are happy to make our extensive expertise and experience in application security available to you: to work out security concepts, to develop application security controls and to implement necessary changes. In addition to technical aspects, we can also support you in improving your Secure Software Development Lifecycle (SSDLC) or DevSecOps process. With tried-and-tested concepts, a high level of automation through security tools and our experience with small and large software development teams, we can ensure an appropriate level of security even with agile software development and short deployment cycles.
Infrastructure Security
The IT infrastructure of companies is usually diverse and contains many different components and technologies. IT security must be considered everywhere; otherwise exploitable vulnerabilities may arise. Microsoft Active Directory and appropriate network security play a key role, but they are by no means the only infrastructure security building blocks that need to be considered. Maintaining the security of infrastructure over the long term is only possible with suitable operational and security processes. In addition to their security expertise, our consultants also have experience in operations and can therefore support you with practical suggestions and concepts.
Cloud Security
Cloud usage is steadily increasing for a variety of reasons. In many cases, it brings technical and operational advantages that ultimately lead to cost savings. In terms of security, there are advantages and disadvantages; the advantages can only be realized and the risks avoided as far as possible if concepts and processes are thought through at an early stage. Our experienced experts support you on your way to the cloud to ensure that security requirements are adequately taken into account.
Kubernetes Security
Hardly any developer, architect or IT manager can avoid Docker and containers. Containerization has changed the way software is developed, deployed and operated, and microservices are the new paradigm. Many information security teams around the world are asking what this means for corporate security. Certitude supports you in using these technologies safely and in integrating them correctly into existing development processes.
Security Governance
ISMS/ISO 27001
An Information Security Management System (ISMS) ensures that the security and continuity goals for information and data processing are achieved and effectively maintained. A functioning and effective ISMS not only protects the confidentiality, availability and integrity of critical information, it also enables you to deploy protective measures efficiently and reduce potential damage to an acceptable level. The efficient establishment or expansion of an ISMS requires operational know-how and experience in information security, IT security, IT infrastructure and risk management. Put yourself in the safe, knowledgeable hands of Certitude consultants.
GDPR (DSGVO) Compliance
The General Data Protection Regulation (GDPR) of the European Union and the corresponding national data protection laws derived from it have significantly increased the requirements for data protection, and thus also for data security, in the EU member states. Because personal data is present in a large number of business processes, data protection plays a role in almost every area of an organization. Creating records of processing activities is therefore often difficult and time-consuming, and GDPR principles such as data avoidance, data minimization and storage limitation frequently pose technical challenges. Certitude advises and supports you on your way to GDPR compliance to avoid legal or reputational risks.
CRA Compliance
The Cyber Resilience Act (CRA) obligates manufacturers, importers and distributors of digital products to demonstrably implement cybersecurity across the entire product lifecycle – from security by design to vulnerability handling. Certitude supports you with practical expertise and years of experience. Your advantage: CRA compliance without hindering innovation – structured, integrable and auditable. Our services include legal and technical CRA impact analyses, CRA management workshops, gap analyses and the development of a CRA roadmap for implementing the requirements, support during the implementation of measures through to verifiable CRA compliance, and the establishment and optimization of a CRA-compliant secure software development lifecycle.
IT Risk Management
Due to the growing importance and increasing complexity of information and communication technology (ICT), the management of ICT risks represents a clear competitive advantage. The supervisory authorities are also aware of the increasingly significant opportunities and risks arising from ICT and are intensifying the relevant requirements in response to the heightened risk situation. Certitude supports you in the design, development and operation of your ICT and security risk management, with the aim of increasing the resilience of your own information and communication systems against threats and thus avoiding economic damage. Use our hands-on expertise and let Certitude consultants support you.
AI Act Compliance
The EU AI Act establishes binding regulations for the use of artificial intelligence for the first time – risk-based, Europe-wide, and with clear obligations for providers, operators and users of AI systems. The focus is on governance, transparency, risk management and liability. Certitude supports companies end-to-end, from initial assessment to operational AI compliance. Our structured approach comprises three stages. First, assessment of the status quo and risk classification: analysis of deployed AI systems and of the relevant operational, governance and compliance processes, and classification of AI applications according to the AI Act risk classes, including an action plan. Second, establishment of an Artificial Intelligence Management System (AIMS): development of an AI strategy, establishment of AI governance according to ISO/IEC 42001, implementation of the required operational, governance and compliance processes, and fulfilment of transparency and documentation obligations. Third, ensuring AI compliance in operations: AI literacy training, integration of cybersecurity, data protection and ethical principles, and ensuring the traceability, transparency and explainability of AI decisions.
NIS2 Compliance
The NIS2 Directive and the corresponding national laws obligate companies to implement clearly defined organizational and technical cybersecurity measures. As an accredited and proven NIS auditor, Certitude has years of experience with information security in critical infrastructure. We support companies across borders with a practical approach, including the following services: legal and technical NIS2 impact analyses, mandatory management training, gap analyses and roadmaps for implementing measures, support towards audit readiness, internal audits, and official NIS audits.
Cyber Response
Cyber Incident Response & Forensics
Unfortunately, cyberattacks and the resulting damage to European companies are steadily increasing. Ransomware has established itself as a lucrative business – but industrial espionage and hacktivism are also motives for criminals. Has it happened to you? Don't hesitate to contact us immediately. Certitude's approach is not only to provide technical support in individual areas of cyber response, but also to take over comprehensive coordination for you if needed. A well-coordinated team covering all the necessary skills supports you in technical analysis, securing your systems, rebuilding your infrastructure, clarifying legal issues and fulfilling legal reporting obligations, communicating with employees, partners, customers, suppliers, insurance companies, (regulatory) authorities and the media, and negotiating with the extortionists.
Cyber Incident Response Retainer
Due to the increasing number of cyber incidents, many companies want the assurance that they will receive rapid assistance in an emergency. Do you require guaranteed response times? With our Cyber Response Retainer, you receive a dedicated phone number for immediate support in an emergency, backed by an agreed SLA with guaranteed response times. Please contact us for more information.