Cybersecurity - the protection of an organisation against cyber attacks - needs to be planned and managed. Our cybersecurity consulting services help you to assess the current cybersecurity maturity of your organisation, develop a cybersecurity strategy or create and implement a roadmap with specific protective measures. We contribute our many years of experience from numerous customer projects and our knowledge of recognised standards and methodologies such as the NIST Cybersecurity Framework, the ICT minimum standard of the Swiss Government or the standards of the ISO/IEC 27000 series.

A comprehensive view

Cybersecurity affects all organisations today, regardless of size or sector. The increasing digitalisation of all areas of life brings with it great opportunities, but also new and changing risks. The growing dependence of all business activities on IT resources increases the attack surface for cyber attacks and the potential damage from a cyber attack. Digitalisation must therefore always be accompanied by appropriate cybersecurity measures.

Various regulators and authorities have recognised the importance of a comprehensive view of cybersecurity. In some cases, the topic has been included in regulatory requirements - e.g. in FINMA Circular 2008/21 “Operational Risks - Banks” - and is specifically considered as part of audits and controls. The NIST Cybersecurity Framework or the federal government’s minimum ICT standard are often used as a basis for assessing an organisation’s cybersecurity maturity.

Not every organisation is equally exposed to the threat of cyber attacks. A cyber strategy must always be tailored to an organisation’s needs and environment. The specific threat landscape and associated risks need to be identified. The level of maturity to be achieved in the various areas of cybersecurity must then be determined. The specific measures to be implemented must be derived from standards and best practices.

Six steps to cybersecurity

There are six steps to establishing and ensuring the proper implementation of cybersecurity in an organisation, which can be summarised as follows:

  • Maturity assessment
    Start by determining the cybersecurity maturity of the organisation, referred to as the “Current Profile” in the NIST Cybersecurity Framework (NIST CSF).
  • Threat and risk analysis
    The threats and resulting risks to the organisation must be identified and compared to the current cybersecurity maturity.
  • Cybersecurity strategy and architecture
    The cybersecurity strategy must define how the threats will be addressed and how the target maturity (“Target Profile” in the NIST CSF) will be achieved. The target maturity depends on the threat situation and the organisation’s risk appetite. Individual measures are brought together in a holistic security architecture.
  • Cybersecurity plan and roadmap
    Based on the maturity assessment, risk analysis and cybersecurity strategy, a roadmap must be developed to achieve the desired target state.
  • Implementing the roadmap
    The next step is to implement the actions from the roadmap. Depending on the initial situation and the target maturity to be achieved, a programme with several projects is required to implement short- and long-term measures.
  • Monitoring and control
    The implemented measures need to be regularly reviewed for appropriateness and effectiveness.

In our experience, some aspects of cybersecurity are already in place in most organisations. However, we believe it is useful and helpful to consider and address cybersecurity as a whole. This is the only way to ensure that limited resources are used efficiently and effectively. We can help you to take a holistic view of cybersecurity in your organisation, but also to develop specific aspects of a cybersecurity strategy or to design and implement specific cybersecurity measures.

Customer benefits

Our cybersecurity consultants’ years of experience and in-depth knowledge of the cybersecurity requirements of different companies and industries enable them to quickly understand our clients’ needs, identify the necessary measures and define an appropriate approach together with the client. As a customer, you benefit from an approach that is tailored to your needs and that draws on our experience with similar organisations. The combination of our technical expertise and our management skills means that we not only get the technology right, but we also get the organisation right. For example, we develop the necessary cybersecurity requirements or define the required organisational and operational structure.

Our cybersecurity advice is always tailored to the current state and needs of your organisation.