IT Security Concepts

An IT security concept is the foundation for protecting your IT infrastructure. I create security concepts aligned with BSI IT-Grundschutz and ISO 27001, informed by current research on real-world security problems.

Services

  • Status Quo Analysis: Systematic assessment of your existing IT infrastructure, processes, and security measures. This includes documentation of network architecture, access controls, backup strategies, and existing policies. All subsequent steps build on this analysis.
  • Threat Modeling: Structured analysis of potential threats and attack vectors, tailored to your specific IT landscape and industry. I use established methods such as STRIDE and attack trees to systematically identify your critical attack surfaces.
  • BSI IT-Grundschutz & ISO 27001: Alignment of your security concept with established standards. Support in preparing for ISO 27001 or BSI IT-Grundschutz certification, including the required documentation and evidence.
  • Risk Assessment & Prioritization: Evaluation of identified risks by likelihood and impact. Prioritization of measures by cost-benefit ratio, so you invest your budget where it achieves the greatest protective effect.
  • Concrete Recommendations: Detailed action plan with clear responsibilities, timelines, and implementation steps — not an abstract report, but a document your team can work with directly.

What Does a Finished Security Concept Contain?

The completed security concept is a comprehensive document that typically includes:

  • Management Summary: Summary of key findings and recommendations for decision-makers — understandable without a technical background.
  • Status Quo Documentation: Detailed description of your current IT infrastructure, processes, and existing protective measures with maturity assessment.
  • Threat and Risk Analysis: Catalog of identified threats with risk assessment, visualized in a risk matrix.
  • Action Catalog: Prioritized list of concrete measures with responsibilities, estimated effort, timelines, and expected risk reduction.
  • Implementation Roadmap: Phased plan — which measures should be implemented immediately, short-term, and medium-term.

Research-Based Approach

My security concepts go beyond standard checklists. At CISPA Helmholtz Center, I research how development teams handle confidential credentials (API keys, passwords, certificates) in practice — and where typical vulnerabilities arise. These findings, published at venues including the USENIX Security conference, flow directly into my security concepts. This means recommendations grounded in empirical data from practice, not just theoretical frameworks.

Process

  1. Free Initial Consultation: Needs analysis and clarification of project scope.
  2. Status Quo Analysis: On-site or remote — one to several days depending on organization size.
  3. Threat Modeling and Risk Assessment: Structured analysis and documentation.
  4. Security Concept Creation: Including action catalog and implementation roadmap.
  5. Results Presentation: Presentation and joint discussion — on request for both the technical team and executive management.
  6. Optional Implementation Support: Assistance during implementation and regular reviews.

Who Is It For?

My security concepts are available for organizations in Hannover, Braunschweig, Bremen, Hamburg, and across Germany. Particularly suited for organizations that need to meet regulatory requirements such as NIS2 or GDPR, are pursuing ISO 27001 certification, or want to systematically review their existing security architecture.

Interested? Contact me for a free initial consultation.