Easy identification, management and governance of security controls for critical assets.
If security is only treated as an "afterthought", this leads to a lot of unnecessary stress, high costs and countless problems in the long run. Therefore, security must be considered as early as possible in the lifecycle of an asset - according to the "shift left" philosophy. The condignum Security Controls Management helps you to identify the appropriate security controls for each challenge, to manage their implementation and to track them throughout the entire lifecycle.
Platform Use Cases
Application Security
All the way from the secure development process to specific secure coding guidelines.
Operational Security
Bullet-Proof System Configurations
Threat Modeling
Identify threats before they cause harm
Cloud Security
Security - even more so in the cloud
Security according to the BSI IT-Grundschutz Compendium
Establish and manage security in accordance with the BSI IT-Grundschutz Compendium
Asset Security Rating
Security status at a glance
ISO 27001:2022
Information security management system
NIS2 Readiness Check
Optimize your NIS2 compliance with our customized NIS2 Readiness Check
NIS2 Toolkit
Strengthen your cyber security with our NIS2 platform package
Cyber Trust Austria Label
The Austrian seal of approval for cyber security
Application Security
All the way from the secure development process to specific secure coding guidelines.
Specific secure coding requirements and design best practices are identified for each application, depending on its individual characteristics, and can be integrated into the development process in a structured and reproducible way. Thanks to detailed instructions, neither the identification nor the implementation of these measures require a lot of security know-how.
With the help of customisable analysis capabilities and dashboards, the existing application portfolio and the security status of the applications it contains are always in view.
- Overview of the application portfolio and its security status
- Ongoing optimisation of the secure software development lifecycle
- Know-how transfer through guided "learning by doing" for technical employees
- Pre-selected and prioritised secure coding measures and secure design best practices
- Detailed instructions and code examples from security experts
- Tools for structured and reproducible implementation
Operational Security
Bullet-Proof System Configurations
Specific security hardening measures and secure configuration best practices are identified for all components of the IT infrastructure, depending on the individual characteristics of each component, and can be implemented in a structured and reproducible way.
Thanks to detailed instructions, neither the identification nor the implementation require a lot of security know-how. And with the help of customisable analysis options and dashboards, the ongoing IT operation and the security status of all components can be monitored at all times.
- Overview of all IT components and their security status (incl. trend analyses)
- Continuous increase of the security level through carefully selected security measures
- Know-how transfer through guided "learning by doing" for technical employees
- Pre-selected and prioritised security hardening measures and config best practices
- Detailed instructions and configuration examples from security experts
- Tools for structured and reproducible implementation
Threat Modeling
Identify threats before they cause harm
Possible threats and their impact on applications, IT systems and infrastructure are identified and security controls defined. Thanks to detailed instructions, neither the identification nor the mitigation requires a lot of security know-how.
- Overview of relevant threats to applications, IT systems and infrastructure, including technical risk assessments.
- Prioritised tasks for proactive, structured and verifiable mitigation
- Detailed instructions for the implementation of security measures
Cloud Security
Security - even more so in the cloud
Security best practices are identified for the use of cloud technologies, depending on their individual characteristics, and can be implemented in a structured and verifiable manner. Thanks to detailed instructions, neither the identification nor the implementation requires a lot of security know-how.
- Specific security best practices - both cross-technology and technology-specific for AWS and MS 365/Azure.
- Tools for structured and verifiable implementation
- Detailed instructions for the implementation of tasks
Security according to the BSI IT-Grundschutz Compendium
Establish and manage security in accordance with the BSI IT-Grundschutz Compendium
The security requirements of the BSI IT-Grundschutz Compendium are made accessible and can be implemented in a structured and verifiable manner. In addition, the current implementation status can be visualised at any time.
- Pre-filtered security measures from the BSI IT-Grundschutz compendium
- Tools for structured and verifiable implementation
- Overview of the current implementation status
- Trend analyses
Asset Security Rating
Security status at a glance
The security level of the organisation's assets is always visible and comparable at a glance.
This is made possible by calculating a simple security rating for each asset on a scale of A - E, based on the remidiation status of the identified vulnerabilities. Keep the overview and set priorities.
- Security rating on a scale of A - E for individual assets
- Security rating comparison between assets
ISO 27001:2022
Information security management system
Get all the requirements of ISO/IEC 27001:2022 for setting up and operating an information security management system (ISMS). Our platform provides you with all the necessary functions, from carrying out a GAP analysis and creating a statement of applicability (SOA) to tracking measures and ongoing compliance evaluation.
NIS2 Readiness Check
Optimize your NIS2 compliance with our customized NIS2 Readiness Check
Our maturity assessment enables you to develop a clear and structured implementation plan.
- Full NIS 2 Readiness Check: A comprehensive review of your readiness for the NIS 2 directive.
- Targeted analysis of additional NIS 2 requirements: Comparing and contrasting your existing processes with the new requirements of the NIS 2 directive.
- Technical standards analysis: Assessment of the implementation and effectiveness of technical standards within your organization.
NIS2 Toolkit
Strengthen your cyber security with our NIS2 platform package
The NIS2 document toolkit from the condignum library is your key resource for your cybersecurity measures and NIS2 compliance. Our comprehensive collection of practical templates and clear guidance will help your organization achieve sustainable and structured NIS2 compliance.
With the NIS2 Toolkit, you cover all relevant aspects of the NIS2 guidelines and meet legal requirements efficiently and effectively. The combination with the condignum platform optimizes your security strategy and strengthens the trust of your customers and partners. Benefit from our expertise and proven methods to achieve your cyber security goals quickly and reliably.
Rely on the NIS2 Toolkit and take your organization to a new level of security.
Cyber Trust Austria Label
The Austrian seal of approval for cyber security
By obtaining the Cyber Trust Austria Label - the Austrian seal of approval for cyber security - you can show that security is important to you and that your customers and partners can trust you.
The condignum platform supports you in preparing for this meaningful certification.
Content Library
Ready-to-use and proven content to support your security and compliance requirements
The condignum Content Library extends the Security Compliance Management and Security Controls Management modules with immediately requirements and measures catalogs. The catalogs contain both known standards standards, norms and laws, as well as established security best practices for Development and hardening of IT systems
The content is continuously expanded and updated from our experts.