Companies in critical infrastructure as well as in other sectors benefit from a high level of information and data security while operating in accordance with information security regulations.
Information security in the age of digitalization
Information and data are essential assets and account for the majority of corporate value. Hence these digital resources must be adequately protected. Insufficient security may have devastating long-term consequences for the business. With the right information security management measures you lay the foundation for a trustworthy and reliable relationship with your partners and clients.
Tools and methods
- Gap analysis
- Security concept
- Joint implementation of an ISMS
- Internal audits
- Certification in accordance with ISO/IEC 27001
- Awareness training for employees and managers
Your path to information security
When implementing an information security management system (ISMS), all relevant activities must be taken into account in order to manage information and data security, to protect against external threats, and to ensure that security goals, including the confidentiality, authenticity and integrity of information, are achieved.
A high level of information protection is particularly necessary for companies in critical infrastructure because of the highly sensitive information they handle. Since these companies are of great importance to the state, a disruption of their business can lead to long-term supply bottlenecks, major disruptions and threats to public safety, as well as further devastating consequences.
Regulations by the government
At the governmental level, regulations have been established both for critical infrastructure and for players across the entire market economy. The scope of action is limited by the legal situation, and additional internal and external guidelines as well as objectives aligned with IT governance must be taken into account.
- Standards in accordance with ISO 27001 and the BSI IT-Grundschutz (baseline protection) catalogues
- Data Protection Law and IT Security Law
- MaRisk VA (minimum supervisory requirements for risk management) and TKG (Telecommunications Act); standards of the Basel III framework for the regulation of banks and financial conglomerates
- General Data Protection Regulation (GDPR)
- Corporate objectives in accordance with IT governance, compliance, ICT measures, and supplier and customer contracts
- Obligation to report information security incidents to the Federal Office for Information Security (BSI)
- Organizational and technical security measures based on the state of the art / implementation of sector-specific security standards
- Regular internal audits and proof of information security standards through certifications and biennial external audits