Notebook with lock

adesso Security Services

Our solutions for tomorrow’s IT

Staying safe with Security Services

With adesso Security Services, we help protect your core business processes by implementing targeted risk management for cyber and information security. Take advantage of our proven methods, tools, and project experience.

Challenges as drivers:
  • Technological change and digitalisation: networking, mobilisation and digitalisation challenge your ability to innovate and adapt.
  • Laws and regulation: non-compliance can lead to drastic penalties.
  • The cloud and cybercrime: a successful cyber-attack can have consequences that threaten the very existence of companies.
  • Changes in requirements and competitive situation: steadily increasing requirements to maintain the competitive position.
  • Lack of skills and resources: information security means investing both in technology and in skills.
  • Changing values and image: poor data protection and information security damage the corporate image.

Our fields of expertise

Protecting mission-critical data is essential for any business. This means understanding how important your data is and recognizing the risks. With this awareness, a company can take the right steps to respond and set up effective proactive and reactive measures. Achieving this requires a well-rounded approach, balancing technology, organization, and people.

Our fields of activity

Along with natural disasters and pandemics, ransomware and DDoS attacks are the main threats to the availability of business-critical processes. Our specialists are experts in the areas of offensive, defensive and IT security, where we use a variety of standards to guarantee the highest level of security.

Offensive security
  • Maturity assessment
  • Threat and vulnerability assessment
  • Network security checks
  • Pentesting on layers 3, 4 and 7
Defensive security
  • Incident response and business continuity
  • Incident process consulting
  • Emergency planning
  • IT service and business continuity
  • IT emergency management for cyber incidents
IT security
  • Cyber security checks
  • Technical security audits
  • Implementation support
  • ISO/IEC 27032 CYBER
  • SIEM
  • NIST
  • CIS, IRC

To handle sensitive information in a responsible way, you need to set up an information security management system (ISMS). This helps to identify and adopt the necessary measures and check their effectiveness. Taking into account the relevant standards, we support you during the analysis, consultation and implementation phases.


  • Define ISMS maturity levels
  • Conduct GAP analyses
  • Carry out protection requirements and business impact analyses
  • Cloud compliance


  • Create security concepts
  • 1st, 2nd and 3rd party audits
  • CISO/ISB coaching and interim functions
  • Select and design ISMS/GRC tools


  • Implement, operate and optimise ISMSs
  • Set up, migrate and implement multiscope ISMSs
  • Tool-based management systems
  • Training and awareness


  • Information security
  • ISO/IEC 27005 RISK
  • IT-Grundschutz (BSI (German Federal Office for Information Security) methodology)
  • WLA

adesso IT Management Consulting optimises your IT department at a strategic, technological and organisational level, helping you to complete the switch to a flexible, cloud-based IT service structure while ensuring compliance with regulatory requirements.

KRITIS (=critical infrastructure) sectors

  • Automotive
  • Energy
  • Health
  • Motorways
  • Finance
  • Waste management

Subject to BAFIN regulations

  • Banks
  • Insurance providers
  • Capital management firms
  • Payment service providers


  • Conduct readiness checks
  • Resolve issues identified during audits
  • Establish compliance with regulatory requirements


  • ISO 13485
  • ESMA
  • EBA guidelines
  • HIPA
  • DORA
  • NIS2

To ensure the success of your company, it is essential that business (critical) processes can continue to run without any disruption. This makes business continuity management (BCM) an important component of corporate risk management. Taking into account the relevant standards, we support you during the analysis, consultation and implementation phases.


  • Define ISMS maturity levels
  • Conduct GAP analyses
  • Carry out business impact and risk impact analyses
  • Respond to incidents


  • Business continuity management (BCM) and IT service continuity management (ITSCM)
  • Create emergency and restart concepts
  • 1st, 2nd and 3rd party audits


  • Set up, migrate and implement integrated BCM systems
  • Emergency and crisis management team drills
  • Evaluate BCM tools


  • ISO 22301
  • ITIL
  • ISO/IEC 27031
  • BSI 200-4

In the context of cyber security and IT security, risk management entails the analysis of digital risks such as cyber attacks, data loss, data breaches and other threats that may pose a risk to the integrity, confidentiality and availability of information and systems. Our services include:

  • Implementation, operation and optimisation of integrated risk management processes
  • Workshops and courses
  • Operational risk management and risk treatment


  • ISO/IEC 27005
  • ISO 31000
  • MARisk

In the context of cyber security, awareness measures refer to activities that aim to increase the awareness and knowledge of employees in the company regarding risks, best practices and how to deal with digital threats. These measures are particularly important in order to minimise human error and ensure the security of information, systems and networks. Our services include:

  • Security awareness campaigns (online, in-person, e-learning)
  • Phishing campaigns
  • Live hacking
  • Training and further education for management system officers, ISMS/BCMS implementers as well as internal and external auditors
  • Advanced training in cyber and IT security

In order to be able to implement the requirements of data protection or the EU GDPR in a compliant manner, it is essential to operate a (data protection) management system that takes into account all relevant technical and organisational aspects. Taking into account the relevant standards, we support you during the analysis, consultation and implementation phases.


  • Define ISMS maturity levels
  • Conduct GAP analyses
  • Carry out protection requirements and business impact analyses
  • Cloud compliance


  • Design and implement data protection management and associated processes in accordance with EU GDPR
  • Develop technical organisational measures (TOMs)


  • Establish a privacy information management system according to ISO 27701
  • Provision of an external data protection officer
  • Hold training sessions and run awareness campaigns


  • ISO 27018
  • ISO/IEC 27701 PIMS

More and more processes and use cases are anchored in digital systems. At the same time, the rapid pace of technological change in organisations opens up new opportunities for cyber criminals.

Our experts support you in these challenges. With our expertise, we offer you a comprehensive portfolio across the entire software development cycle.

Identity and access management (IAM) is a concept and set of technologies, procedures and policies for managing the digital identity of users, devices and applications, and for controlling access to resources in a corporate network or IT environment. The main goal of IAM is to ensure that the right people or entities can access the right resources at the right time while ensuring security and compliance. Taking into account the relevant standards, we support you during the analysis, consultation and implementation phases.


  • Define ISMS maturity levels
  • IAM governance
  • Cloud compliance


  • Support in the creation of IAM concepts
  • Development of role-based access concepts for different technologies and platforms
  • Authorisation modelling


  • Implement IAM in the areas of identity lifecycle management, access management and identity governance
  • Connect applications to the IAM system
  • Usage tracking


  • IAM
  • PAM

The requirements for the use and secure handling of the IDV applications in operation must be reviewed, adapted accordingly if necessary and operationalised. This ensures that BAFIN-specific requirements are met.

With our comprehensive industry knowledge and specialised experts, we support you in the implementation and operationalisation of BAFIN requirements. We support you in the following phases:

  • Creation of an IDV guideline
  • Documentation of the IDV applications
  • Definition or customisation of the IDV inventory
  • Carrying out a protection requirements analysis
  • IDV development process

The advantages are plain to see

1. Our Experience: adesso has many years of cross-industry expertise in building custom-fit solutions for small and large companies.

2. Vendor-Independent Approach: adesso is not committed to any specific vendor and has developed its own templates and frameworks to accelerate projects.

3. Certified Professionals: adesso offers an experienced team with certified experts in the relevant fields.

4. Pracmatic Operationalisation: adesso is not only about planning and performing analyses, but we also excel when it comes to devising highly pragmatic operational schemes.

Successful cooperation for your added value

Our partnerships

adesso relies on various partners and memberships in the security environment. It takes a tightly knit network to design successful cyber security measures to protect your valuable know-how.

>> Let's get in touch!

Save this page. Remove this page.