Cyber Security Strategy Consulting for your business
With our many years of cross-domain experience in cyber security engineering, we also offer our customers tailor-made strategy consulting in the area of cyber security. The right cyber security strategy for your company is becoming increasingly important, because in recent years, regulatory bodies have identified cyber security as one of the defining characteristics of products and a backbone for our infrastructure and services. As such, there are numerous regulatory initiatives that aim to establish cyber security in different domains including but not limited to:
NIS2 for infrastructure service providers
UN R155 & R156 for automotive OEMs
EU Medical Device Regulation (MDR) for medical devices
EU Cyber Resilience Act (CRA) for every product with software and interfaces that is not covered under the aforementioned regulations
EU Machine Regulation
Cyber Security affects the entire organization
Common to all of these regulations is a focus on the risk identification and management of the services and products, typically as part of a cyber security management system (CSMS). The identified risks serve as a baseline to define adequate controls and countermeasures. Over the lifecycle of the services and products, monitoring events and incidents to ensure a quick and effective reaction to newly identified system vulnerabilities must be set up. Another key point of the regulations is to consider security for the entire supply chain, where norms such as ISO/SAE 21434 or IEC 62443 can serve as a guideline or even prerequisite. It is important to mention that these regulations target both the organizations with their processes and policies as well as the services and products themselves.
ITK Engineering – your partner from strategy to engineering
We offer consulting services to help our customers navigate the regulatory requirements and set up their business to create secure products. ITK is not a traditional consulting company. Our origin is hands-on engineering. Thus, we know the ins and outs of efficient security development processes and interdisciplinary engineering and apply this knowledge also in our strategy consulting projects. With our expertise and experience of many successful cyber security projects across domains, we have supported customers in establishing complete cyber security management systems (CSMS) or security engineering processes that have passed regulatory audits, while being tailored to the existing (development) processes of our customers. Especially the customization factor is essential, considering the technological and cost differences between companies. Therefore, our aim is to take a pragmatic approach to cyber security instead of rolling out a standardized CSMS that might be over the top for many customers.
Our cyber security strategy consulting portfolio
Strategyconsultingfor existing and upcoming regulations in different domains, like EU CRA, UNECE R155 and EU MDR
Process definition based on industrynorms, e.g. ISO/SAE 21434, IEC 62443, ISO 24089
Templates for cybersecurityprocesses, e.g. cyber security plan, item definition, risk analysis, concept, production control plan, cyber security interface agreement, cyber security case, cyber security specifications
Topic responsibilityat customer, i.e. definition of strategy and implementation of corresponding program, afterwards full project responsibility with reportingtomanagement, driving the individual workstreamsand ensuring meeting timeline and milestones
Our reference projects
Strategy consulting for Automotive OEM
We provided a turn-key solution for our customer by defining a strategy on how to implement cyber security in a way that matched the business goals and considered partners as well as synergies. Based on the strategy, we started the implementation on an organizational level with setting up a CSMS and obtained a Certificate of Compliance in alignment with approval authorities. Simultaneously, we supported the technical documentation and type approval for several car lines.
Strategy consulting for Commercial vehicle OEM
Our customer needed to comply with the UNECE R155 regulation for their products and they did not have a clear understanding of the impact on their organization. We supported our customer by defining the strategic goals and setting up a program after a detailed gap analysis. Our guidance enabled our customer to create their own efficient cyber security processes and take ownership of the security of their products.
Strategy consulting for Agricultural OEM
Regulation for the agricultural domain are still in flux, but the main cornerstones are available. Based on our experience and expertise, we supported the business-wide definition of a cyber security strategy for an agriculture OEM. We helped to set up a clear structure for implementing the strategy and actively participated in the implementation by defining methodology guidelines, processes and training structure. Also, our engineers directly applied the defined processes and methods in a pilot project to validate their effectiveness and practicality. It serves as a prime example of how strategy, processes and engineering activities interlock and highlights the unique value we offer beyond traditional consulting services.
We profit from our many years of experience in security engineering. This enables us to take a tailored and pragmatic approach to cyber security and helps us to identify the best solution for our customers.
