Today, security must be considered in everything - it's about Assume breach, Zero trust and Least privilege - i.e. time has passed from the old-fashioned way of thinking about IT security. It is quite well known that most harmful and major cyber attacks could have been simply avoided or at least reduced if the company had followed some general rules.

How we define IT security

Software security is about securing the company's software, both the software you develop yourself via Security by design, but also protection against supply-chain attacks, for example via a patch in a central application - including creating plans for vendor management and requirements.

Network security is the practice of securing and managing netork devices and network infrastructure.

Information security protects the integrity and confidentiality of data, both during storage and during transit.

Operational security is the protection of data, access to data, and storage of data. The permissions users have when accessing a network and the procedures that determine how and where data can be stored or shared fall into this category.

Identity security According to several sources, eight out of ten (80%) of all security breaches are identity-driven. These attacks often bypass traditional IT security by directly leveraging compromised credentials to perform lateral movements and launch larger and more severe attacks.

Unfortunately, identity-driven attacks are extremely difficult to detect. When a user's credentials have been compromised and a so-called "bad actor" pretends to be that user, it is often very difficult to distinguish between the user's typical behavior and the hacker's behavior using traditional security measures and tools. That is why Identity Security, built on a foundation of privileged access control, secures all identities – human or machine – throughout the lifecycle of access to critical systems or data.

Recovery and Business continuity define how an organization responds to an attack or other event that causes disruption or data loss. Disaster recovery policies dictate how the organization recovers operations and recovers data. Business continuity is the plan that the organization falls back on while trying to operate without all resources being fully available.

End user training targets the most unpredictable factor, the end user. Anyone can inadvertently introduce malicious code into an otherwise secure system if good security practices are not followed. In any organization, it is important to conduct regular training on threat awareness and correct response patterns.

So security is much more than firewalls and antivirus.

We have consultants who are specialists in securing the company's identities, i.e. users, enterprise apps, service accounts, etc. - we can advise on securing both foundation and identity all the way from on-premise AD, through hybrid to pure cloud identities.

We also have extensive experience in optimizing licenses so that our customers do not pay unnecessarily for security software that can be replaced with better alternatives.

Project examples

✓ CIS analysis

✓ Tiering

✓ Active Directory Penetration test

✓ D-mark qualification

✓ Preperation of supplier management

✓ Business Continuity Planning

✓ License optimization

Contact our security experts

Kent Rifbjerg Erichsen

Contact me

Jacob Laue Petersen

Contact me

Carsten Hagedorn Midtgaard

Contact me

Can we help you?

Contact us, we are always prepared with a helping hand! We are experts in our areas and have many years of experience from projects and customers in all sizes.