Frequently Asked Questions
Answers to the most common questions about our security solutions and services.
What is information security and why is it important?
Information security encompasses the protection of all information -- digital, physical, and organizational -- from unauthorized access, manipulation, and loss. It is critical because businesses increasingly depend on digital processes, and cyberattacks are becoming more frequent and sophisticated. Comprehensive protection ensures the confidentiality, integrity, and availability of your data.
What is the difference between IT security and information security?
IT security focuses on the technical protection of IT systems, networks, and data. Information security goes further and covers all types of information -- including physical documents, verbal communication, and organizational processes. Information security is the overarching concept that includes IT security.
What is an ISMS and does my company need one?
An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information. It includes policies, processes, and technologies. Every company that processes sensitive data benefits from an ISMS. For certain industries and certifications (e.g., ISO 27001), it is even required.
How much does a penetration test cost?
The cost of a penetration test depends on various factors: the scope of systems to be tested, the type of test (black-box, grey-box, white-box), the complexity of the infrastructure, and the desired depth of analysis. Contact us for a customized quote tailored to your specific requirements.
What is a SOC and why do I need one?
A Security Operations Center (SOC) monitors your IT infrastructure around the clock for security threats. It combines cutting-edge technology, experienced security experts, and proven processes to detect and defend against cyberattacks early. A SOC is especially important for companies that require 24/7 protection.
What does an external Information Security Officer (ISO) do?
An external ISO takes responsibility for information security in your company without requiring you to fill a full-time position. They develop security policies, conduct risk analyses, coordinate security measures, and ensure compliance with legal requirements -- such as GDPR and NIS2.
How long does it take to implement an ISMS?
Implementing an ISMS typically takes between 6 and 18 months, depending on company size, existing processes, and the targeted certification level. We guide you step by step through the entire process -- from the gap analysis to certification.
What is the NIS2 directive and does it affect my company?
The NIS2 directive is an EU regulation that tightens cybersecurity requirements for companies in critical and important sectors. It affects a wide range of industries, including energy, transport, healthcare, finance, and digital infrastructure. Companies with more than 50 employees or 10 million euros in revenue in these sectors are generally affected.
Do you also offer employee training?
Yes, we offer comprehensive Cyber Awareness Training. It includes interactive sessions on phishing detection, social engineering, secure password practices, and safe use of IT systems. Our training can be delivered as workshops, online courses, or a continuous awareness program.
What should I do during a security incident?
In a security incident, fast action is critical. Contact our Incident Response Team immediately at +49 (0) 2058 175 566 0. Isolate affected systems if possible, but do not alter any evidence. Our team will support you with containment, analysis, and recovery.