On 23 October 2024, The Consulting Report platform announced the top 25 consultants and managers in 2024 in the ‘Cybersecurity’ category. We are thrilled that our colleague Andreas Grau is among them!

As Head of Cyber Security at Consileon, Andreas Grau advises clients on everything from process analysis and the determination of individual protection requirements to the implementation of adequate security measures against cybercrime. He and his team also support clients in implementing information security management systems (ISMS) in accordance with ISO/IEC 27001, TISAX, or B3S.

Cybercriminals are becoming increasingly professional, and attacks are becoming more frequent and complex. Companies, governments, and institutions of all industries and sizes are turning to cybersecurity experts as consultants to strengthen their defenses and to respond quickly to new security challenges. These professionals help organizations navigate the dynamic cyber risk landscape. The Consulting Report award confirms that Consileon is at the forefront of advancing cybersecurity strategies.

The award winners were selected through a methodical nomination process and careful consideration of each candidate’s professional career and industry contributions. The complete list can be found here.

Consileon congratulates all winners and is exceptionally proud of this award!

What is ISO/IEC 27001?

ISO/IEC 27001 is the internationally recognized standard for information security management systems (ISMS). It defines the requirements for establishing, implementing, maintaining and continually improving an ISMS so that an organization addresses its information security risks systematically rather than ad hoc. It provides a structured framework for information security at all levels of the organization, aimed at protecting the confidentiality of sensitive data, the integrity of information and the availability of critical systems.

With the introduction of the NIS2 directive, the security of network and information systems, and therefore ISO/IEC 27001, is becoming even more important. NIS2 aims to strengthen cybersecurity across the EU and sets out requirements for companies and organizations classified as essential or important entities, including operators of critical infrastructure. An ISMS in accordance with ISO/IEC 27001 is a solid basis for fulfilling the requirements of NIS2, although certification alone does not discharge them: obligations such as the directive's incident reporting deadlines and management accountability must be addressed explicitly within the ISMS.

Industry relevance of ISO/IEC 27001

Regardless of the industry, organizations today face a multitude of dangers: cyberattacks, data loss, insider threats. The consequences of security breaches can be serious: financial losses, reputational damage, legal consequences and even sanctions and substantial fines for those responsible. ISO/IEC 27001 provides the tools to identify, assess and treat information security risks, tailored to the specific needs and threats of an organization.

Whether in the financial sector, healthcare, manufacturing or retail, ISO/IEC 27001 helps companies across all industries to standardize their security practices, meet regulatory requirements and earn the trust of customers and business partners. The standard can be applied flexibly to any type and size of organization. It is industry independent and is also relevant to industries that maintain their own standard: many industry standards are derived from ISO/IEC 27001, so it often offers a good starting point on which an organization can build gradually. As the common basis of these industry standards, ISO/IEC 27001 is also the ideal link when an organization has to comply with several standards at the same time.

Introducing an ISMS according to ISO/IEC 27001

The implementation of an ISMS begins with defining its scope, followed by a thorough risk assessment in which potential threats and vulnerabilities are identified and their potential impact evaluated. Based on this, specific security controls and measures are selected, recorded in a risk treatment plan and a Statement of Applicability against the controls in Annex A, and integrated into the company's processes.

Employees are an integral part of any ISMS. They must receive regular training and, above all, understand that they are at the center of the security measures. In addition, the standard specifies how security policies must be documented, monitored, reviewed and improved.

Information security is not a one-time event, but a dynamic process that must be constantly adapted and improved. ISO/IEC 27001 emphasizes the need for a continuous improvement process, in which organizations regularly review their security practices and adapt them to new threats and technological developments.

We offer our expertise to help prepare your organization for optional ISO/IEC 27001 certification and maintain it in the long term. Together, we will secure critical information in your organization and strengthen your position in an increasingly digitalized and networked business environment.

What is TISAX?

TISAX (Trusted Information Security Assessment Exchange) is an assessment and exchange mechanism developed for the automotive industry. It is based on the international information security standard ISO/IEC 27001 and addresses specific requirements and best practices for information security within the industry. The German Association of the Automotive Industry (VDA) has created an assessment catalogue (ISA, Information Security Assessment) to provide a standardized evaluation of information security for automotive manufacturers and suppliers. The catalogue takes into account the specific requirements and risks of the automotive industry, such as prototype protection, which general standards do not cover at this level of detail.

Companies can share their TISAX assessment results with business partners, which increases transparency and trust throughout the supply chain and avoids repeated individual audits by each customer. The exchange of results between contractual partners takes place via the portal of the European association ENX, which operates TISAX. TISAX also supports the industry in meeting legal requirements for network and information security, such as the EU directive NIS2.

Why do I need an ISMS?

A structured and strategic approach is required to fulfil the TISAX requirements, and an information security management system (ISMS) provides it. A thorough assessment of existing risks is the first step: identifying threats and vulnerabilities and evaluating their potential impact. Based on the risk assessment, security policies and procedures are developed to meet the specific requirements of the organization. Employees at all levels must be informed about and trained in the importance of information security. Information security is an ongoing process, and the introduction of an ISMS ensures that security measures are regularly reviewed and improved.

For whom is TISAX relevant?

Participation in TISAX is a crucial measure for all companies in the automotive supply chain. It ensures information security across the entire value chain in times of ever-increasing cyber threats. OEMs and many other companies in the industry now require a TISAX label as a prerequisite for working together.

Consileon is your reliable partner for the introduction or expansion of an ISMS that fulfills TISAX requirements. Our services include initial assessment, training of the employees, risk management, preparation of the necessary documentation and guidelines, advice on the selection and implementation of technical security solutions as well as assessment preparation and support throughout the entire assessment process.

With our expertise and experience in the automotive industry, we help your company obtain the TISAX label and keep it over the long term. Together, we tailor your information security management system to the highest standards and ensure that your company remains competitive.

We are pleased to announce our new partnership with AIS – Advanced IT-Security Solutions GmbH. The partnership concerns the 'Findalyze Attack Surface Explorer' software, which identifies vulnerabilities in an organization's externally visible attack surface and rates their criticality.

Active scanning for vulnerabilities is not only a critical step in the defence against cyber attacks, but is often also part of regulatory requirements. In the course of numerous cyber security projects with customers from various industries, we have recognised the need for, and the considerable added value of, supplementing our consulting services with suitable software support.