CYRENZH Cybersecurity Clinic Service Portfolio

The services provided by the CYRENZH Cybersecurity Clinic are mainly in the following seven categories:

Please note that these services can be offered at different levels of detail, depending on the size of your organization, your IT infrastructure, your project requirements and the project volume. Below, you will find more information about the service categories, along with some typical project examples in each category.

Basic Security Consulting

This basic security service is primarily intended for clients that want to get a general overview of the state of security in their environment, without going too much into the details. It’s also well-suited for clients that are only starting to think about security and that want to find out where they should focus in the future. Basic security consulting projects are typically relatively small engagements. Examples include the following:

  • Overall security health check with respect to technology, organization, processes, people, or a combination thereof

Security Analysis & Testing

Security analysis & testing services focus on technology with the goal of finding vulnerabilities and security-relevant configuration errors. Corresponding projects can focus on conceptual (e.g., analyzing a system design) or practical (e.g., analyzing vulnerabilities in an implemented system) aspects, or both. Examples include the following:

  • Penetration testing of applications (e.g., web applications, mobile apps) 
  • Vulnerability scanning of applications, systems, or entire environments
  • Analysis of a security design using threat modeling
  • Security evaluation of network security architectures

Security Engineering & Solutions

Security engineering & solutions services focus on selecting and creating technical solutions for security challenges. Corresponding projects can cover evaluation, conceptualization (design), and implementation.

Examples include the following:

  • Design and implementation of a security concept for an environment, including selecting and prioritizing security controls
  • Design of network security architectures
  • Security design of applications (e.g., web applications, mobile apps)
  • Support with the interpretation and mitigation of results of a security test (e.g., of a penetration test done by another company)
  • Establishing a secure software development process and support during different phases 
  • Selecting suitable open-source security products/solutions for a company, and implementing them

Security Risk Assessment & Management

Security risk assessment & management services focus on the main overall security risks in an environment and on reasonable strategies to mitigate the identified risks. In addition, services can also cover financial aspects of security measures. Examples include the following:

  • Risk assessment of IT infrastructure and environments, and mitigation strategies
  • Application of security management frameworks with basic controls
  • Attack surface identification and management
  • Budgeting and resource allocation with respect to security 
  • Trade-offs between business needs and security requirements
  • Risk analysis with preceding open-source intelligence (OSINT) analysis
  • OSINT and Design Thinking: systemic / organizational risk analysis
  • Determining IT assets and creating an IT asset inventory

Security Awareness & Human Factors

Security awareness & human factors services put a strong focus on human aspects of cyber security. The aim is to improve the perception and behavior of people (e.g., employees in a company) with respect to security, to reduce the risk of security mistakes due to human error. Examples include the following:

  • Security awareness training (e.g., with respect to social engineering)
  • Security communication / storytelling to bring security concepts to different stakeholders in a company 

Security Education

Security education services are concerned with educating and training employees in a company in the context of cyber security. Examples include the following:

  • Creating tailored material for company-internal security education
  • Basic “how to do security” services (e.g., how to configure a firewall)

Privacy & Law

Privacy & law services are concerned with legal aspects of cyber security. Examples include the following:

  • Checking compliance with privacy regulations
  • Security analysis for legal consequences