Cases

Here are some of the cases, we are most proud of. Contact us to hear more about them.

IAM expert

Identity & Access Management

This complex area is overall dealing with subjects as identify, authenticate and authorize users. With the paradigm changing from perimeter security to zero trust security, the importance of IAM is ever increasing.

The cases, we have a lot of experience in are typically analyzing and nudging an IT system landscape to follow IAM best practices incl. SSO, MFA, RBAC, access review, PIM & PAM, password policy implementation, segregation of duty, monitoring, incident management and secure score dashboard. Read more.

O365 it security

Microsoft Office 365 & Azure

Enabling external sharing in the Office 365 environment in a controlled and secure way. The project delivered everything from the initial risk assessment to configuring Office 365, Azure and other systems and business processes that were necessary to mitigate all the identified risks.

Symantec data leakage prevention

Data Loss Prevention (DLP)

The client needed to ensure all confidential and personal data would not end up in the wrong hands. A DLP system was designed and implemented with the following detection vectors: email, network traffic incl. shadow IT and sharing files, sites and BI reports in Office 365 and endpoints like Citrix desktops and workstations.

sikkermail

SecureMail

Empowering all employees with proactive information on which email recipient does not support a secure email protocol. This allows the employee to communicate through a different channel and stay GDPR compliant.

The solution was rolling out an Outlook plugin, changing email routing and setting up DMARC incl. SPF and DKIM.

vulnerability tool

Vulnerability Management

The number of new vulnerabilities are increasing every year and this client responsible for its own maintenance (not SaaS) needed help with how to prioritize its mitigating actions in a timely and cost-efficient way.

This complex exercise resulted in a new vulnerability repository that automatically calculated the CVSS score based on external and internal parameters, conducted a deduplication and grouped and prioritized the mitigating actions so there are manageable for operations.

Power platform it-security.dk

Microsoft Power Platform

Developed Power Apps that empowered employees to register data that was previously the administrators’ task and thereby significantly reducing the process leadtime. Created Power BI reports that integrated multiple data sources that have never been cross referenced. Thereby, extracting precious business and security related insights. Developed PowerShell scripts to automate workflows i.e. create incident tickets based on a trigger and remove dormant users. 

patch management

Patch Management

The client was struggling with becoming PCI-DSS compliant because there was no proper ITIL conformed governance, patch management related tools nor risk assessment framework. The solution included all of these areas and the result was frequent, automated (where plausible / cost-effective), measurable patching of network equipment, storage (SAN), network printers, Windows server OS and Linux server OS. Read our LinkedIn article for more information.

IBM SIEM

Security Information and Event Management

From a compliance point of view, segregation of duty is an important concept. To ensure that a high-privileged account does not step over their boundaries or an account hasn’t been hacked, a SIEM system has been integrated with other systems and configured to capture unwanted events.

URS GxP, ISO 27001, GDPR, CIS, NIST CSF

User requirement specification

Some clients need assistance with gathering functional and non-functional requirements for a new IT system and ensuring that it includes all relevant IT security and privacy related compliance requirements. The result helps management to pick the right solution.

Vendor management

Vendor Selection

This is typically a continuation of a user requirement specification project where the goal is to find the vendor that satisfies the most the requirements. A key element in these cases is to determine the approach e.g. pre-qualified vendors, wide screening (guided by objective evaluation criteria) or EU licitation. These projects are typically interdisciplinary where IT Security/compliance are only few out of many areas that need to be evaluated.

technical team lead

Project Management – agile and traditional

This is typically a continuation of a user requirement specification project where tWe have also experience in project management where the steering committee either want to run it traditionally e.g. PRINCE2 or agile. The projects ranged from being a project manager for a group of external IT consultants, interdisciplinary team of Linux- and Windows Operations and architects and finally being a scum master for an agile SW development team.
 

tool and knowledge it-security.dk

Contact us to find out if we have already implemented a solution you are looking for.

It takes short time to find out and it can potentially save you weeks/months of time