This is who we are

Adaptive Cybersecurity Practices considers Cybersecurity as a primary function within modern business environments. Just as finance, procurement and HR are. A pro-active strategy to define, implement, monitor and adapt security controls to protect your business critical assets and to plan for business continuity is an absolute must to organisations.

We have many years of experience in the IT and Cybersecurity fields. We have a European footprint in different branches such as local governments, IT outsourcing and the utilities sector. We follow industry standards (ISACA, ICS2, IPPA) and are proud members of the different Information and IT security organisations.

Adaptive Cybersecurity Practices’ standard way of working is a nearly remote only (offsite – within the EU) model, nevertheless we also spend time at our clients offices. However we try to limit onsite visits to a minimum. We have always worked according this model, also before the global COVID-19 crisis.

Adaptive Cybersecurity Practices – Keywords

ISO2700x, Cloud Security, ISMS, STRIDE, Risk Assessments, GDPR, NIST
GRC, Business Continuity and Disaster Recovery, IT Security Reviews
Security Management, Security Control Frameworks, Audits, ISACA, ISC2
Threat modelling, GAP Analysis, Privacy, Reporting, Security Program
Cyber security assessment, Mitre atta&ck, security governance

Our Vision

Cyber Security, Information Security and IT Security all starts knowing what you have and what’s the value of what you have. It helps you to protect your “crown-jewels” and to define the appropriate and financially-balanced security requirements.

The crown-jewels are considered to be the business critical assets. Without those assets (loss or inaccessibility) business can suffer severe (financial) adverse impact on their operations and could eventually lead to forced closure of business. It is therefore essential that the crown-jewels are identified by the (different) business-owners and critical stakeholders within the enterprise.

Laws & regulations, business needs, organizational objectives, etc. are all business requirements and drive the security decisions within the organization. Based on legal constraints, geographical locations, types of data/information systems or the various business needs, security decisions will be taken and safeguards will be implemented. Making use of a security control framework (for example based on the ISO27001 standard) will help in gaining control over the security landscape (on-premises, outsourced or a hybrid environment).

Safeguards (security controls) should always be implemented using a multi-layered security approach. It is key to ensure that safeguards are implemented from a process, technology and physical point of view. This complexes the attack vector and reduces potential risks. It is of major importance that the implemented safeguards are (periodically) being analyzed and re-assessed to measure their effectiveness. Continuous analysis of the threat landscape should be a good practice and an embedded process.

A security governance structure, for instance a GRC setup, will help monitoring the effectiveness of the implemented security controls. Having a security governance in-place implies having (self) assessments, audits and periodical reviews organized and planned. It is part of the security life-cycle and helps to improve the overall security posture and to adapt to the ever changing threat landscape. Not adapting to changing environments results in being more vulnerable and susceptible to cyber threats and risks.

“The measure of intelligence is the ability to change.”


– Albert Einstein