INFORMATION SECURITY MANAGEMENT SYSTEMS AND SECURITY CONCEPTS

ISO 27001

ISO 27001 is the standard which audits the BSI basic protection. The basic protection according to BSI is divided into modules A, B, C, Z and W. For a normal level of protection, the measures of groups A and B are used. All audit-relevant actions are grouped together under seal level C. We audit these as part of the certification audit.

However, we do not only audit your processes and the measures of your IT security; we also prepare you for audits and lead you holistically to the achievement of the certificate according to ISO 27001.

Please note: We may either audit you or prepare you for an audit. This is the only way to guarantee the principle of quality assurance.

IT security concepts according to BSI Grundschutz or NIST

The EU General Data Protection Regulation (GDPR) requires that a data protection impact assessment be carried out for each new information technology system. The data protection impact assessment is created as part of the IT security concept.

For the creation of a security concept we use the methods of the BSI standard BSI 200 (Book 1 and 2). Alternatively, we use the methods of NIST Special Publication 800-53.

The security concept according to BSI Grundschutz is based on the modelling of the infrastructure according to BSI building blocks. BSI building blocks group measures against information risks into hazards affecting the infrastructure, the network, the overall processes and supporting conditions.

In a systematic audit, we analyse the state of your IT and determine which measures still need to be implemented. The risks to which your infrastructure is exposed result from the open measures.

Finally, we work with you to formulate priorities within the implementation of measures to improve the security status of your IT.

IT security concepts

In addition to the scope of services of the BSI basic protection, we also carry out extensive dedicated risk analyses for new, unknown or unclear environments, which are included in the analysis and thus extend the picture holistically.


Risk concepts

IT security concepts analyse the operational security of the IT environment. Predefined measures are mapped to predefined hazards. This ensures that the most frequent weak points are adequately secured.

Although the BSI Basic Protection takes many contingencies into account, no general statements can be made as to which measures are necessary to secure critical infrastructures (KRITIS-relevant) or which measures must be combined in order to secure an environment with a high need for protection.

This safeguarding is carried out as part of an IT risk concept. We prepare risk concepts in accordance with BSI 200-3 or ISO 27005/ISO 31000.

We analyse the possible threat scenarios that affect your IT environment, assess their probability of occurrence and then formulate the measures to be taken. The aim is to tailor a security level to suit your project. After all, IT security is like a raincoat that protects you from wind and rain, but should not hinder you.

Contingency plans

Unfortunately, emergencies happen again and again in life. An emergency related to your IT can be, for example:

- Fires

- Flooding

- External attacks on the IT environment

- Targeted attacks on your company headquarters using physical force, e.g. in the event of unrest

Like a good friend, we are there for you in case of an emergency. Before the emergency occurs, however, we analyse the possible threat situation for you and take measures together with you to keep your vital business functions (VBF) running or to be able to restart them within a short time.

To prepare for emergencies, we work with you to create checklists that you only have to work through when an emergency occurs. This approach has proven to be particularly effective with airline pilots, as they have to be able to make decisions quickly in an emergency.

We will practise the checklists with you until you no longer need them and have mastered the processes in your sleep.