Initial situation: A rise in cyber attacks made it necessary to systematically improve information security.
Objective: Implement basic security measures, introduce a basic ISMS, raise staff awareness, initially implement IAM and PIM/PAM processes, and draw up a contingency plan.
Result: Basic ISMS successfully introduced, penetration tests carried out, awareness rate improved, IAM/PIM/PAM processes initially implemented, contingency plan simulated.
The baseline analysis comprised a comprehensive risk assessment, penetration tests across the entire company including branches, and employee awareness tests. Building on this, a basic ISMS was implemented, suitable governance, risk and compliance (GRC) tools were selected, and an awareness campaign with targeted training was developed. IAM and PIM/PAM processes for joiners, movers and leavers were partially automated and seamlessly integrated into existing user management processes. In addition, a cyber incident response plan was developed to prepare the company for future security incidents. The result is a basic information security framework, a more resilient infrastructure, and a company that is well equipped to deal with potential cyber incidents.