IT / OT / IoT Security Assessment

IT systems are increasingly exposed to attacks – whether through the network, via social engineering or through direct physical access, the list of attack possibilities is getting longer and longer. A similar development is also evident in Operational Technology (OT), which are the systems that control technical and physical processes (such as ICS (Industrial Control Systems), PLCs or SCADA systems). In order to know the risks for your own infrastructure and to be able to evaluate them objectively, a security assessment identifies and assesses existing vulnerabilities and security problems.

An important prerequisite for carrying out an assessment is the definition of the objective, the scope and the focus. Based on many years of experience, we work together with you to determine these aspects in advance in order to achieve the best result with the optimal use of resources.

We can offer different procedures for checking technical and organizational security aspects, for example:

  • Audits or GAP analysis according to various standards (ISO 27001, IEC 62443, etc.)
  • Preparation of a report on expert opinion for the evaluation of security aspects
  • Security Architecture Review – Assessment of the attack surface and mitigation measures for new systems (threat analysis)
  • Security analysis of IoT systems – Analysis of vulnerabilities and threats for IoT architectures / devices / systems
  • Vulnerability Assessment – Review systems for known technical vulnerabilities
  • Penetration Testing – Testing systems / organizations for security issues
  • Red Team Assessment – Holistic assessment of organizations for vulnerabilities
  • Physical Penetration Tests – Testing physical security measures such as access mechanisms, etc.
  • Social Engineering – Review of the effectiveness of security awareness measures
  • Web Application Security Tests – Testing Web Applications or Web Interfaces
  • Your specific topic that should be tested:   request

B-SEC better secure KG was appointed as a “qualified body” according to the Austrian implementation of the European NIS directive. We can therefore carry out security audits for operators of essential services to provide the required evidence for the implementation of security measures mandated by the Austrian NIS act.