IT-Security / Cybersecurity / ISO 27001

One basic human need is the need for security.
Especially in times of globalisation, increasing mobility and the growing dependence of companies on information and communication technology, the pressure on companies to take action to prevent damage and to minimise residual risk through active information security management is increasing.

The rule here: Security is a top priority.

I. IT security management (information security concept)

One widely held view is that security measures are inevitably associated with expensive investments in security technology and employing highly qualified personnel. But this is not true.
The most important success factors are common sense, well-thought-out organisational policies, and reliable and well-informed employees who autonomously observe security requirements in a disciplined and routine way. Creating and implementing an efficient and effective information security concept thus does not need to be horribly expensive.

BDO can assist you with the following services:

  • Conducting an IT protection needs analysis
  • Creating/auditing an IT security policy
  • Creating/auditing an employee policy ‘IT security in the workplace’
  • Holding awareness training for employees
  • Creating/auditing a general IT security concept
  • Creating/auditing specific IT security business concepts
  • Establishing an information security management system


II. Business continuity planning (contingency management)

According to Germany’s Federal Office for Information Security, business continuity planning is a process that aims, at an early stage, to detect serious risks for a company that threaten the company’s survival, and to establish countermeasures.

Business continuity planning comprises a planned and organised approach to sustainably increasing the resilience of an enterprise’s (time-)critical business processes, responding appropriately to incidents and resuming operations as quickly as possible.
Business continuity planning is also known as business continuity management (BCM).

We are happy to support you in the following areas:

  • Establishing/introducing or evaluating BCP procedures and contingency/backup solutions
  • Establishing/introducing or evaluating data outsourcing methods
  • Support in creating BCP procedures and contingency/backup solutions
  • Monitoring and evaluation of BCP and contingency/backup exercises


III. Audits for network and operating system security

As part of our activities in the field of IT security, we also offer tests at a high technical level. Our experts are available for the following topics:

  • Inventorying and detailed technical examination of policies and measures for the protection of network infrastructures (including firewalls, intrusion detection systems)
  • Inventorying and detailed technical examination of policies and measures for securing Windows-based server systems and Active Directory domains (e.g. system configurations, access controls, management of user/group accounts, Group Policy objects, share/NTFS permissions, patch/update management)
  • Inventorying and detailed technical examination of policies and measures for the protection of Unix-/Linux-based server systems (e.g. system configurations, management of user/group accounts, file system security, network file shares, system/network services, patch/update management)


IV. Penetration testing

We offer our clients penetration testing, including comprehensive security tests on individual computers or networks, regardless of their size. The penetration test relies on security scanning software and on the tools/resources that a potential attacker (hacker) would deploy to infiltrate (penetrate) the system without authorisation.

The penetration test thus detects the defined system’s vulnerabilities to such attacks, which can then be selectively eliminated.


V. ISO 27001

The implementation of an information security management system (ISMS) based on the international standard ISO/IEC 27001 supports companies in the systematic identification and analysis of risks that arise in the context of using information, through to rolling out and maintaining appropriate monitoring and control mechanisms.

BDO with its experts can assist you both in the establishment of such an information security management system and in auditing existing systems.

The content of this support can include:

  • Defining a relevant IT network
  • IT structure analysis of the IT network (analysis of actual status)
  • Analysis and documentation of existing information technology
  • Establishing the protection requirements (starting from the applications)
  • Modelling based on IT baseline protection
  • Mapping the modules of the IT baseline protection manual against the components of the defined IT network
  • Basic security check (target/actual comparison)
  • Additional risk analysis (high/very high protection requirements)
  • Consolidation and implementation of the actions

On request, we can also offer an audit by a licensed BSI auditor with subsequent BSI certification.


Frank Gerber

German Public Auditor, Certified Tax Advisor, Partner, IT & Controls Assurance