Security-Rating

Security Controls Management

Proactively secure development and operations to prevent vulnerabilities from occurring in the first place.

Easy identification, management and governance of security controls for critical assets.

If security is only treated as an "afterthought", this leads to a lot of unnecessary stress, high costs and countless problems in the long run. Therefore, security must be considered as early as possible in the lifecycle of an asset - according to the "shift left" philosophy. The condignum Security Controls Management helps you to identify the appropriate security controls for each challenge, to manage their implementation and to track them throughout the entire lifecycle.

Application Security

All the way from the secure development process to specific secure coding guidelines.

    Specific secure coding requirements and design best practices are identified for each application, depending on its individual characteristics, and can be integrated into the development process in a structured and reproducible way. Thanks to detailed instructions, neither the identification nor the implementation of these measures requires a lot of security know-how.

    With the help of customisable analysis capabilities and dashboards, the existing application portfolio and the security status of the applications it contains are always in view.

    • Overview of the application portfolio and its security status
    • Ongoing optimisation of the secure software development lifecycle
    • Know-how transfer through guided "learning by doing" for technical employees
    • Pre-selected and prioritised secure coding measures and secure design best practices
    • Detailed instructions and code examples from security experts
    • Tools for structured and reproducible implementation

    Operational Security

    Bullet-Proof System Configurations

      Specific security hardening measures and secure configuration best practices are identified for all components of the IT infrastructure, depending on the individual characteristics of each component, and can be implemented in a structured and reproducible way.

      Thanks to detailed instructions, neither the identification nor the implementation requires a lot of security know-how. And with the help of customisable analysis options and dashboards, the ongoing IT operation and the security status of all components can be monitored at all times.

      • Overview of all IT components and their security status (incl. trend analyses)
      • Continuous increase of the security level through carefully selected security measures
      • Know-how transfer through guided "learning by doing" for technical employees
      • Pre-selected and prioritised security hardening measures and config best practices
      • Detailed instructions and configuration examples from security experts
      • Tools for structured and reproducible implementation

      Threat Modeling

      Identify threats before they cause harm

        Possible threats and their impact on applications, IT systems and infrastructure are identified and security controls defined. Thanks to detailed instructions, neither the identification nor the mitigation requires a lot of security know-how.

        • Overview of relevant threats to applications, IT systems and infrastructure, including technical risk assessments.
        • Prioritised tasks for proactive, structured and verifiable mitigation
        • Detailed instructions for the implementation of security measures

        Cloud Security

        Security - even more so in the cloud

          Security best practices are identified for the use of cloud technologies, depending on their individual characteristics, and can be implemented in a structured and verifiable manner. Thanks to detailed instructions, neither the identification nor the implementation requires a lot of security know-how.

          • Specific security best practices - both cross-technology and technology-specific for AWS and MS 365/Azure.
          • Tools for structured and verifiable implementation
          • Detailed instructions for the implementation of tasks

          Security according to the BSI IT-Grundschutz Compendium

          Establish and manage security in accordance with the BSI IT-Grundschutz Compendium

            The security requirements of the BSI IT-Grundschutz Compendium are made accessible and can be implemented in a structured and verifiable manner. In addition, the current implementation status can be visualised at any time.

            • Pre-filtered security measures from the BSI IT-Grundschutz compendium
            • Tools for structured and verifiable implementation
            • Overview of the current implementation status
            • Trend analyses

            Asset Security Rating

            Security status at a glance

              The security level of the organisation's assets is always visible and comparable at a glance.

              This is made possible by calculating a simple security rating for each asset on a scale of A - E, based on the remediation status of the identified vulnerabilities. Keep the overview and set priorities.

              • Security rating on a scale of A - E for individual assets
              • Security rating comparison between assets

              ISO 27001:2022

              Information security management system

                Get all the requirements of ISO/IEC 27001:2022 for setting up and operating an information security management system (ISMS). Our platform provides you with all the necessary functions, from carrying out a GAP analysis and creating a statement of applicability (SOA) to tracking measures and ongoing compliance evaluation.

                NIS2 Readiness Check

                Optimize your NIS2 compliance with our customized NIS2 Readiness Check

                  Our maturity assessment enables you to develop a clear and structured implementation plan.

                  • Full NIS 2 Readiness Check: A comprehensive review of your readiness for the NIS 2 directive.
                  • Targeted analysis of additional NIS 2 requirements: Comparing and contrasting your existing processes with the new requirements of the NIS 2 directive.
                  • Technical standards analysis: Assessment of the implementation and effectiveness of technical standards within your organization.

                  NIS2

                  Strengthen your cyber security with our NIS2 platform package

                    If gaps have been identified in the NIS2 Readiness Check, our NIS2 platform package can help you to close them independently.

                    Cyber Trust Austria Label

                    The Austrian seal of approval for cyber security

                      By obtaining the Cyber Trust Austria Label - the Austrian seal of approval for cyber security - you can show that security is important to you and that your customers and partners can trust you.

                      The condignum platform supports you in preparing for this meaningful certification.

                      Content Library

                      Ready-to-use and proven content to support your security and compliance requirements

                        The condignum Content Library extends the Security Compliance Management and Security Controls Management modules with immediately usable requirements and measures catalogs. The catalogs contain both known standards, norms and laws, as well as established security best practices for the development and hardening of IT systems.

                        The content is continuously expanded and updated by our experts.