Information Security aaS

Information Security Management serves to sustainably improve cyber security at a technical and organizational level and is an important component of cyber compliance. In particular, the topic of risk management and the measures to be derived from it are the focus of numerous standards and norms such as NIS2 or DORA. InfoSec as-a-Service ensures that information security management is operated on the basis of the international ISO27001 standard. If required, an external CISO (Chief Information Security Officer) is also deployed and a digital platform is provided as the basis for CyRiSo’s service provision.

Your Benefits

Expertise

Working with professionals in the field of the ISO27001 standard

Trust

Delegation of responsibility for InfoSec to an external experienced CISO

Auditability

Ensuring compliance with standards and norms through to certification

Digitalization

Use of a dedicated platform

The Standards

ISO27001, ISO27002, ISO27005, DIN 27076, TISAX, NIS2

The Results

Sustainable information security management to increase the level of technical and organizational maturity and compliance with standards and norms.

InfoSec aaS Packages

InfoSec-as-a-Service is offered in three service packages (individually customizable):

INFOSEC aaS BASIC
  • Status monitoring of technical and organizational security controls
  • Monitoring of ISO27001 / DIN27076 for conformity to the standard (methodical)
  • Participation in status meetings
  • Review of the risk management process and risk analyses
INFOSEC aaS STANDARD
  • All INFOSEC activities aaS BASIC

  • In addition:
  • Update of the policy framework
  • InfoSec reporting
  • Evaluation of the effectiveness of the security controls set
  • Definition and monitoring of compliance with security objectives
  • Performance of risk assessments
INFOSEC aaS PRO
  • All activities of INFOSEC aas BASIC and STANDARD

  • Additionally:
  • External CISO role
  • Management of the InfoSec framework and methods for ISO27001 and/or DIN 27076 (for very small companies)
  • Ensuring compliance with the certification maturity level
  • Participation in management reviews and audits

No suitable service package? We are standardized in our services, but flexible in the composition of the packages.