Security-Rating

Security Controls Management

Proactively secure development and operations to prevent vulnerabilities from occurring in the first place.

Easy identification, management and governance of security controls for critical assets.

If security is only treated as an "afterthought", this leads to a lot of unnecessary stress, high costs and countless problems in the long run. Therefore, security must be considered as early as possible in the lifecycle of an asset - according to the "shift left" philosophy. The condignum Security Controls Management helps you to identify the appropriate security controls for each challenge, to manage their implementation and to track them throughout the entire lifecycle.

Application Security

All the way from the secure development process to specific secure coding guidelines.

    • Specific secure coding requirements and design best practices are identified for each application, depending on its individual characteristics, and can be integrated into the development process in a structured and reproducible way. Thanks to detailed instructions, neither the identification nor the implementation of these measures requires a lot of security know-how.

    • With the help of customisable analysis capabilities and dashboards, the existing application portfolio and the security status of the applications it contains are always in view.

    • Overview of the application portfolio and its security status
    • Ongoing optimisation of the secure software development lifecycle
    • Know-how transfer through guided "learning by doing" for technical employees
    • Pre-selected and prioritised secure coding measures and secure design best practices
    • Detailed instructions and code examples from security experts
    • Tools for structured and reproducible implementation

Operational Security

Bullet-Proof System Configurations

    • Specific security hardening measures and secure configuration best practices are identified for all components of the IT infrastructure, depending on the individual characteristics of each component, and can be implemented in a structured and reproducible way.

    • Thanks to detailed instructions, neither the identification nor the implementation requires a lot of security know-how. And with the help of customisable analysis options and dashboards, the ongoing IT operation and the security status of all components can be monitored at all times.

    • Overview of all IT components and their security status (incl. trend analyses)
    • Continuous increase of the security level through carefully selected security measures
    • Know-how transfer through guided "learning by doing" for technical employees
    • Pre-selected and prioritised security hardening measures and config best practices
    • Detailed instructions and configuration examples from security experts
    • Tools for structured and reproducible implementation

Threat Modeling

Identify threats before they cause harm

    • Possible threats and their impact on applications, IT systems and infrastructure are identified and security controls defined. Thanks to detailed instructions, neither the identification nor the mitigation requires a lot of security know-how.

    • Overview of relevant threats to applications, IT systems and infrastructure, including technical risk assessments.
    • Prioritised tasks for proactive, structured and verifiable mitigation
    • Detailed instructions for the implementation of security measures

Cloud Security

Security - even more so in the cloud

    • Security best practices are identified for the use of cloud technologies, depending on their individual characteristics, and can be implemented in a structured and verifiable manner. Thanks to detailed instructions, neither the identification nor the implementation requires a lot of security know-how.

    • Specific security best practices - both cross-technology and technology-specific for AWS and MS 365/Azure.
    • Tools for structured and verifiable implementation
    • Detailed instructions for the implementation of tasks

Security according to the BSI IT-Grundschutz Compendium

Establish and manage security in accordance with the BSI IT-Grundschutz Compendium

    • The security requirements of the BSI IT-Grundschutz Compendium are made accessible and can be implemented in a structured and verifiable manner. In addition, the current implementation status can be visualised at any time.

    • Pre-filtered security measures of the BSI IT-Grundschutz Compendium
    • Tools for structured and verifiable implementation
    • Overview of the current implementation status
    • Trend analyses

Asset Security Rating

Security status at a glance

    • The security level of the organisation's assets is always visible and comparable at a glance.

    • This is made possible by calculating a simple security rating for each asset on a scale of A - E, based on the remediation status of the identified vulnerabilities. Keep the overview and set priorities.

    • Security rating on a scale of A - E for individual assets
    • Security rating comparison between assets

Content Library

Ready-to-use and proven content to support your security and compliance requirements

    • The condignum Content Library extends the Security Compliance Management and Security Controls Management modules with immediately usable requirements and measures catalogs. The catalogs contain both known standards, norms and laws, as well as established security best practices for development and hardening of IT systems.

    • The content is continuously expanded and updated by our experts.