Kosifuchs
Cyber Resilience for SMBs & Non-profits

This page is for clients — especially SMBs and non-profits — who want to improve their IT security in a structured, traceable and realistic way. The goal is measurable security uplift and a resilient baseline for operations, audit readiness and — if desired — later certification.

I work pragmatically and transparently, without unnecessary complexity. Measures are implemented so they hold up in day-to-day reality, remain documentable, and stay sustainable over time.


Who this is a good fit for

  • small and medium-sized businesses (SMBs)
  • non-profits and community organizations
  • organizations without an internal IT/security department
  • teams who want security that is understandable, implementable and maintainable

How we work together

  1. initial contact or a free first check
  2. structured assessment of the current situation
  3. prioritization by risk, effort and impact
  4. implementation or guided support
  5. documentation and clear, non-technical reporting (if needed)

Services at a glance

  • baseline hardening for systems and accounts
  • network and firewall concepts
  • VPN and secure remote access
  • email security & phishing protection
  • monitoring & log review (SOC-style, SMB-friendly)
  • documentation & security policies

Framework-based review & certification readiness

Security only creates long-term value when it is structured, prioritized and aligned with recognized frameworks. That is why I map existing and planned measures against established security frameworks.

  • ISO/IEC 27001 (alignment) — management structure, risk thinking and evidence
  • CIS Critical Security Controls — technical prioritization and practical implementation
  • BSI IT-Grundschutz — structured baseline in a German context
  • NIST Cybersecurity Framework — Identify, Protect, Detect, Respond, Recover

The goal is a practical set of measures and evidence that supports later certification efforts (e.g. ISO/IEC 27001, TISAX, PCI DSS). Formal audits and certificate issuance are performed by external certification bodies.

For special regulatory or industry requirements (e.g. critical infrastructure, payment/PCI DSS, automotive/TISAX), the framework mapping can be expanded and deepened.

Transparency & billing

Scope, approach and costs are agreed clearly before we start. Billing is transparent — either hourly or as defined service packages.

What you get at the end

  • clear priorities and realistic measures
  • traceable documentation
  • audit- and certification-ready groundwork with substance

Contact

If you want to quickly check whether my approach fits your organization, feel free to reach out — no pressure, no nonsense.

