| STEP | MODULE | OBJECTIVE | DURATION |
|---|---|---|---|
| 1 | Gap Analysis & Risk Assessment | Analysis of the existing IT and security landscape. Identification of vulnerabilities and risks based on ISO/IEC 27005 and NIS-2 specific requirements. | 2 weeks |
| 2 | Governance & Compliance Framework | Development of a tailored governance model including policies (e.g., ISMS, BCM), role models (CISO, Security Officer), and internal control mechanisms. | 3 weeks |
| 3 | Technical & Organisational Measures (TOMs) | Development of a catalog of measures including SIEM, IDS/IPS, vulnerability management, physical security measures, and cloud security guidelines. | 3-4 weeks |
| 4 | Awareness Training | Rollout of target-group-oriented training, including for IT, business units, and executive management. | 2 weeks |
| 5 | Continuous Monitoring & Incident Response | Establishment of effective security monitoring and creation of an emergency and reporting concept according to NIS-2 obligations. | ongoing |