Information security is a framework of governance, management and delivery, with guidelines, processes, methodologies, people and tools. Each individual measure interacts with other measures. But how do I start improving my information security?
There are two approaches that lead to a solution: bottom-up or top-down. The bottom-up approach can be used to solve a very specific problem or implement a very specific best practice. The top-down approach allows a holistic view of information security and provides a structured approach to an individual information security management system (ISMS).
To evaluate and improve the information security of entire organizations, asset and risk identification are necessary first. Threat modeling can be used to check individual systems and applications. Both require an approach tailored to the respective area: to the industry and organizational form, or to the type of application. For this reason, Westernacher Solutions deals with asset and risk management, structural analysis and protection needs assessment in the justice system, public administration and also in churches. We also deal with a specific threat modeling methodology for cloud architectures and AI-supported solutions. To this end, we are expanding and specializing the general approach to include aspects of the cloud, AI and the judiciary, public administration and church, with the result of providing a particularly efficient cloud & AI threat model framework consisting of methodology and tooling.
From the other perspective (the bottom-up approach), we deal with the OWASP projects (e.g. Top Ten and Top Ten for LLM) and IT basic protection building blocks (modeling using the building blocks).
We anticipate specific information security challenges in our industry and think about solutions before our customers actually deal with them. One example of this is secure communication in the (pre-) quantum computer age. We specialize in this for the industry and for our customers’ typical architectures.
To this end, we deal with threat and vulnerability management in relation to our market in order to identify market-specific weaknesses and threats and actively incorporate treatment measures into our products or discuss these with our customers in very concrete terms. The topic of threat intelligence – i.e. the generation of insights into threats through (among other things) event monitoring, correlation and analysis of vulnerabilities, exploits, motivations and capabilities – accompanies almost all activities. Another very specific challenge – promoted at least by NIS2 – is supply chain security. Here, our goal is to develop a methodology that ensures the continuous assessment of suppliers, software and smaller artifacts, taking into account a variety of information sources while maintaining high efficiency. Together with our clients, we develop supply chain management systems that integrate into the client’s overall information security framework.
Your contact person
Tobias Müller
Competence Center Lead Digital Security