Information Security as a Service
Navigating the depths of regulations, compliance and awareness
Companies face enormous challenges when it comes to securing information and systems: complex technology landscapes, rapidly intensifying cyber threats, a lack of human resources for security-related roles and functions, and ongoing adjustments to legal and regulatory requirements in the area of IT security and compliance.
Services
Chief Information Security Officers (CISO) are responsible for the company’s information security. Their tasks include assessing and dealing with security risks, advising management and IT, establishing guidelines, evaluating concepts and leading the implementation of projects.
The increasing complexity of the subject matter, the dried-up personnel market and tight budgets do not make it easy to fill a CISO position. Incidentally, CISOs who are looking for support for themselves or their team also face similar obstacles.
Needs-based service
When it comes to filling or supporting a CISO role, the needs and requirements of each company are individual. Whether interim management, project support or the targeted outsourcing of certain tasks, such as in the area of compliance and risk management: ensec is happy to customise the CISO mandate to the specific requirements of your company.
CISO as a Service is provided by our best security experts with industry-relevant certifications (CISM, CISA, etc.). In addition, we can ensure a fast familiarisation period thanks to our extensive know-how and wealth of experience and achieve maximum flexibility in terms of workload.
The appointment of a Data Protection Officer, Data Protection Advisor or Data Privacy Officer (DPO) is mandatory in some cases and highly recommended in others to implement all the processes and controls and ensure ongoing compliance with the relevant legislation.
Advantages of our service
Data protection is required by law, but it is by no means a purely legal matter. Quite the opposite. Basically, it is about creating transparency for all persons, the so-called data subjects, giving them options and preventing companies from hiding behind legal texts that are difficult to understand. A company’s data protection officer must be able to navigate through the relevant laws, regulations and legal interpretations. However, in-depth knowledge of processes and techniques is at least as important. Anyone who does not understand the function of an application with regard to its data processing and storage and cannot check security techniques for their correct application will never be able to assess a company’s compliance with external data protection requirements. A complex matter that ensec is happy to take on professionally.
With DPO as a Service, ensec provides companies with qualified data protection experts who have a profound understanding of business processes and also have extensive knowledge in the field of IT, especially IT security.
Customised
Although most companies face similar challenges when filling the position of data protection officer, the needs and requirements are usually very individualised. Whether a full-time job, part-time job or selective support, whether interim management, project support or the outsourcing of specific tasks, such as the creation and maintenance of a data register: ensec easily adapts its mandate to the needs of each individual company.
The implementation of successful security awareness measures requires specialised knowledge and ties up resources. ensec offers a service under the term “Managed Security Awareness” which includes the following work as standard:
- Regular online training for employees (short sequences, up to 12 times a year)
- Attack simulations in the form of phishing tests (up to 24x per year)
- Regular reporting (awareness level, training progress, click and report rates)
- Special training for “risky users”
- Platform for service provision
- Phish alert button for Outlook (for reporting real and simulated phishing emails)
- User support
The service can be customised to your individual needs and supplemented with the following components, among others:
- Spear phishing campaigns (targeted/customised phishing attacks for specific employees/groups)
- USB drop tests
- Creation of customised phishing templates
- Integration of own content (SCORM modules, videos)
- Distribution of topic-specific documents (directives, standards, etc.)
- Differentiation between several training groups
Navigating successfully – in a sea of paragraphs.
Companies want data protection expertise that is clear and understandable for all employees. That’s what they get from ensec.
Our consultants are practical and do not hide behind legal phrases. They are just as capable of explaining the necessary measures to management as they are of explaining the necessary adjustments to an application to the programmer.
The legally relevant documentation is created in a cost-saving manner based on tested templates. In the case of complete outsourcing, ensec manages the relevant controls and processes with the help of specialised audit-proof tools.
May we personally provide you with arguments in favour of ensec? Please contact us.