The information security in companies is called Moving Target. It therefore represents an object of constant change and high dynamics. In order to be able to assert oneself securely on the market in times of digitalization and Industry 4.0 and not become a victim of cyber attacks, numerous standards, measures and recommendations for action must be implemented. At present, however, there are no offerings that enable companies without sound specialist and expert knowledge to independently determine their current level of information security, evaluate threat scenarios and derive necessary measures. There is a lack of a pragmatic and efficient approach for these companies.
Our methodology achieves exactly this by using concrete threat scenarios as a starting point and deriving concrete measures from weak points or attack vectors. The consideration of a strategic anchoring increases the sustainable success of the bundled packages of measures.