Cybersecurity Insights

Your organisation is facing new challenges. You are in the process of digital transformation and want to create openness, in which your customers should be in control. Yet, all of this must be achieved in a secure manner, eliminating cyberthreats as much as possible, from strategy to execution.

Innopay is in the perfect position to deliver on your ambition, because our people know how to identify and combat the cyberattacks you are dealing with, thereby leveraging our understanding of business, technology and regulation to maximise value for you.


Strategic Assessments

Maturity Assessment Cybersecurity - Determine the level of maturity, thus identifying the gaps to be filled in to achieve the desired situation. Either through in-depth analysis or as a quickscan.

IT Risk & Threat analysis - Assist in performing IT risk and threat analysis. Effectiveness of the current control environment will be assessed as well.

Incident Response AnalysisManage the aftermath of a cybersecurity breach by limiting the damage and reducing recovery time and costs.

Security product and service selection - Myriad of point solutions is not making it easier to select what is right for your organisation. We manage the selection process for acquiring product suites and services. Including preparation of the RFI and RFP, management of vendors and proof of concept.


Cybersecurity Advisory

Identity & Access Management – Assist in choosing the right direction for customer identity & access management efforts, starting with the business drivers. Additionally, Innopay can assist in drafting the required architecture and guiding implementation of the CIAM environment.

Cloud Security – Design of a security strategy and policy framework ready for cloud. A technology roadmap supplements the analysis to direct a secure journey to the cloud.

DevOps and Security (DevSecOps) – Security by design through security collaboration embedded in your DevOps teams. Innopay supports you on the journey adopting DevOps by making security part of the SDLC process.  

GDPR readiness – Ensure your organisation is ready for the EU General Data Protection Regulation coming into effect May 2018 by implementing effective CIAM and cybersecurity controls to manage customer consent and to protect personal data.



Certification preparations - Prepare for industry standard certifications through various training courses offered by the INNOPAY academy (i.e. CISSP, CRISC, CISA, CISM).

Cybersecurity Fundamentals (CSX) Getting understanding of the nuts and bolts of cybersecurity. In the end you will have a good basic understanding of the most important concepts of cybersecurity. 

Cybersecurity GDPR trainingBecome compliant with the European privacy legislation GDPR (General Data Protection Regulation) in the most optimal way.

Want to know more? Get in touch

JelgerJelger Groenland
+31 6 12 41 14 92

RobRob van der Staaij 
+31 6 57 99 13 99

Innovation services

Our cybersecurity experts help organisations to be optimally prepared to protect themselves, their transactional activities and their assets from cyberthreats.




We help our clients to define and plan effective strategies for growth, create a sound basis for decision making and provide clear direction to their organisation and its ecosystem.

Read more


We help our clients to co-create new digital products effectively, develop their co-creation capabilities and become an platform for open innovation and collaboration.

Read more


We help our clients to set-up and manage innovation programs, realise set ambitions and transform their operating model to be effective in the digital age.

Read more

Cybersecurity Advisory

Identity & Access Management

One of the most complex domains for organisations to deal with is identity & access management (IAM). IAM applies to a myriad of processes and technologies to provide centralized identity governance, authentication, single sign-on (SSO), session management and authorisation enforcement for target applications. Multiple use cases need to be supported, including business-to-employee (B2E), business-to-business (B2B), and business-to-consumer (B2C), as well as a wide variety of applications, such as on-premise applications, cloud applications, web service APIs, native apps, hybrid apps, and internet-of-things (IoT) applications.

Implementing IAM and especially customer or consumer IAM (CIAM) is a very difficult task. A great number of aspects need to be taken into account, including single sign-on (SSO), authentication mechanisms, authorisation options, monitoring and reporting, deployment models (on-premise, cloud or hybrid), social login, consent management, and user experience (UX).

Cloud Security

Adopting cloud requires an organisation to rethink security to effectively safeguard assets and data. To secure the digital transformation a Security Strategy and effective policy framework need to be in place. Securing this transformation to the cloud is ultimately the same for every organisation but with different starting points and ambition levels.

Securing the cloud starts by articulating the key security principles for the organisation and building the security strategy. This is followed by building the policy framework to manage and monitor information in the cloud. Our Cloud Security Reference Model provides offers effective orchestration of the policy framework based on industry standards and best practices.

DevOps and Security (DevSecOps)

Many development teams are embracing Agile and DevOps methods to delivering software. This requires a new way of thinking about security as part of the software development life cycle (SDLC). The goal is to ensure data security through improving the awareness and understanding of security issues, by adopting proactive security practices, and by incrementally identifying and addressing the most urgent security gaps.

This can only be achieved when security specialists, developers and other team members collaborate. Collaborative security specialists embedded in agile development team can provide security strategies to building robust, quality and secure software. This often requires a transformation from traditional policy driven security to a more pragmatic approach involving control stories, automated segregation of duties and testing, security monitoring and risk-based threat modelling.

GDPR readiness

The General Data Protection Regulation will be effective May 2018, having a major impact on organisations holding data of EU citizens with severe penalties of up to 4% of worldwide turnover. Organisations need to identify what personal data they hold, where this data is held and the legal justification for holding it. It requires personal data to be classified, applications containing personal data to be identified and dataflows to be mapped. It further requires capturing and management of consent for data to be processed.

Customer identity & access management and cybersecurity deliver the key controls to accomplish this. By using flexible authentication means customer can give their consent to process the data for the specified purposes. With cybersecurity controls, such as encryption, personal data can be protected in a very effective way. 

Strategic Assessments

Maturity Assessment Cybersecurity

Many organisations are wondering whether they are able to withstand cybercrime attacks such as cryptoware, denial of service attacks and hacking attacks that are ever growing in sophistication. Cybersecurity is currently one of the most urgent topics on the agendas of senior management and organisations want to be sure to anticipate threats and unexpected situations in an adequate and efficient way, while at the same time being compliant with relevant regulations.

There are many topics that need to be addressed to create a coherent cybersecurity environment. Data classification, implementing cybersecurity controls, monitoring control performance and incident response procedures are amongst the most important components that are indispensable to an effective cybersecurity environment. Organisations are also asking themselves whether they should implement cybersecurity on-premise or integrate it as a service.

IT Risk & Threat analysis

IT risk management is an indispensable part of managing cyberthreats, contributing to a common outlook on risk for the organisation, thus enabling risk-aware business decisions and ensuring that the correct risk management controls are implemented and operating.

IT risk management begins with understanding the organisation and the context in which it operates, such as the dependency of the organisation on specific supply chains, its vulnerability to economic and market changes, and the impact of new legislation. Within this context the intent and capability of cyberthreats need to be assessed, in relationship with the value of the assets and resources of the organisation, thereby considering the vulnerabilities that the threats could exploit.

IT risk management should be thoroughly embedded into the organisation. It includes a number of cyclic steps such as the identification and documentation of risk, the evaluation of risk, risk response and mitigation, and the continuous monitoring of the IT risk environment.

Incident Response analysis

Manage the aftermath of a cybersecurity breach by limiting the damage and reducing recovery time and costs. Innopay assists in establishing a computer security incident response team (CSIRT) for the organization and setting up an incident response plan. Responding to a security incident in an effective way will minimize loss, mitigate exploited vulnerabilities, restore services and data, and reduce the risks of any future incidents.

Security product and service selection

Many factors must be considered in selecting a solution for cybersecurity or identity & access management. Whether built on-premise or acquired as a service, the related components and services will impact almost all other applications and processes in the organisation, as well as people. Other very important factors to consider are stakeholder management and organisation culture.

When choosing a solution, a variety of selection criteria must be taken into account, covering commercial requirements, functional and technical requirements, and legal and operational requirements. Each of the requirements must be weighted and prioritised, on the basis of which the RFI and RFP will be conducted.

Latest publications

181120quantumcrypto Quantum computers will revolutionize cryptography and cybersecurity. Here’s why. Sufficiently strong quantum computers will seriously disrupt the confidentiality and integrity of secure digital communication everywhere. In this blog, we will explain how quantum computers will revolutionize your data security and why you should be...Read more...

Open banking cybersecurity blog Sharing transaction risk data leads to Open Banking success The revised Payment Service Directive Regulatory Technical Standards (PSD2 RTS) will require every bank to apply Strong Customer Authentication. This introduces unwanted friction in the process. A solution lies in Transaction Risk Analysis. In this...Read more...

CIO 8 trends of cybersecurity 8 Trends of Cybersecurity In this year’s first issue of the Dutch CIO Magazine, a print publication of IDG, the world’s leading technology media company, INNOPAY’s Rob van der Staaij and Jelger Groenland give their views on...Read more...

cybersecjelger Turning Cybersecurity into a Commercial Benefit Cybersecurity is a tough business, and it's getting tougher. And if it all goes wrong, the effects on an organisation can be potentially catastrophic. INNOPAY's Jelger Groenland explains some simple steps to mitigate risks, maximise...Read more...

The Netherlands

WTC-F tower 3rd floor
Strawinskylaan 381
1077 XX Amsterdam
The Netherlands

Contact us

T: +31 20 6580651


Taunustor 1
60310 Frankfurt a.M.

Contact us

T: +49 (0) 69 5050604350



Stay up-to-date with the latest Innopay information

Click here for our privacy statement