The relevance of IT security is only recognised once it is missing. Don't let it get that far. IT security operates on the following three interacting levels:
- Data centres, e.g. for hosting websites and e-mail traffic, centrally provided applications or data, and so-called cloud solutions.
- Local servers within the company, e.g. for handling e-mail traffic via Exchange or for providing applications or data on site.
- Workstations in the form of desktop computers, laptops and/or mobile devices such as smartphones and tablets.
IT security concept
The relevance of IT security is not recognized until errors are detected.
The secure interaction of these three levels is described in an IT security concept. IT security is particularly relevant for the protection of personal data and of company secrets. An IT security concept should, and in the area of personal data must, ensure that the following goals are achieved:
- Protection against loss of availability, integrity, authenticity or confidentiality of data.
- Protection against loss of important system functions or loss of data due to erroneous manipulation or sabotage.
- Protection against loss of reputation: damage to the company's standing and image.
- Protection against the costs of downtime, repairs, legal disputes, injunctions, penalties, fines and warnings.
- Protection against loss of market share, slumps in sales and profits, and threats to the company's economic existence.
As a national authority, the Federal Office for Information Security (BSI) defines standards for IT security.
The goals to be achieved technically:
- Confidentiality: protection against unauthorised disclosure of information. Data may only be made available to authorised persons in the permitted manner.
- Data must be usable by its users as intended.
- Integrity: data is correct, this is verifiably ensured, and the data processing systems function correctly.
- Availability: the availability of data is to be "guaranteed".
- IT users and employees should be convinced of the correctness and importance of the regulations, procedures and measures that raise the level of information security.
We support you in the implementation of your IT security concept through the following services:
Creation of the reference architecture:
- Determination of the object of investigation and the critical business processes
- Location and infrastructure (properties, buildings, rooms)
- Networks, communication links and external interfaces used (information network)
- Existing IT systems (clients, servers, network coupling elements, mobile devices, etc.)
Definition of structure and tasks of participating projects and institutions:
Scope: the joint use of the spatial and technical infrastructure in the facility creates an IT network. All projects and facilities are to be recorded as part of this IT network.
Cooperating projects and partners:
Tasks and objectives of the individual projects and institutions involved are to be listed briefly and included in the conceptual process.
Structure of the IT security concept:
The IT security concept is structured as a baseline protection concept in accordance with the BSI IT-Grundschutz-Kompendium (IT Baseline Protection Compendium).
IT security management process:
There are no generally applicable rules for structuring security management; instead, we take the specific circumstances of the existing management structures into account.
1. Security goals
Definition and quantification of risks:
Definition of the damage resulting from risks in information processing, and its effects.
- Data protection law
- Civil-law perspective
- Compensation risks
- Conclusion and framework for action
- Data protection requirements under the EU General Data Protection Regulation (GDPR)
2. Structural analysis (audit)
- Presentation of the existing IT systems
- Overview: Rooms / IT Systems / IT Applications
- Overview: Network
- Workstation computers
- IT Support
- Visualization and assignment of IT applications to IT systems
3. Determination of protection requirements
Determination of the protection requirements on the basis of the basic threats:
- Loss of confidentiality
- Loss of integrity
- Loss of availability
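The two steps above (structural analysis, then protection requirements) fit together in a simple way in the BSI IT-Grundschutz methodology: each IT application is rated per basic threat, and the IT systems and rooms that host it inherit the highest rating found on them (the "maximum principle" of BSI Standard 200-2, which the page does not spell out). The following Python model is an added illustration, not code from the page or from the consultancy; all applications, systems, rooms and ratings are constructed sample data, and the cumulation handling is reduced to an analyst-set flag per system.

```python
"""Added example: deriving protection requirements (step 3) from the structural
analysis (step 2) with the maximum principle of BSI Standard 200-2.
All inventory data below is constructed for illustration."""
from dataclasses import dataclass, field

# Protection requirement categories, ordered from lowest to highest.
LEVELS = ("normal", "high", "very high")
# The three basic threats the page lists: loss of confidentiality, integrity, availability.
GOALS = ("confidentiality", "integrity", "availability")


@dataclass
class Application:
    name: str
    requirement: dict   # goal -> level, set by the application owner
    hosted_on: list     # names of the IT systems that run this application


@dataclass
class ITSystem:
    name: str
    room: str
    # Goals for which the analyst judged that many individually 'normal' applications
    # add up to a greater need (cumulation effect); raises the result to at least 'high'.
    cumulation: set = field(default_factory=set)


def rank(level):
    if level not in LEVELS:
        raise ValueError(f"unknown protection level: {level!r}")
    return LEVELS.index(level)


def max_level(levels):
    """Maximum principle: an object inherits the highest requirement of anything on it."""
    return max(levels, key=rank, default="normal")


def system_requirements(systems, applications):
    """Per IT system and goal: the inherited requirement (maximum principle + cumulation)."""
    result = {}
    for system in systems:
        hosted = [a for a in applications if system.name in a.hosted_on]
        per_goal = {}
        for goal in GOALS:
            level = max_level(a.requirement[goal] for a in hosted)
            if goal in system.cumulation:
                level = max_level([level, "high"])
            per_goal[goal] = level
        result[system.name] = per_goal
    return result


def room_requirements(systems, sys_req):
    """Rooms (infrastructure layer) inherit the maximum of the systems they contain."""
    result = {}
    for system in systems:
        room = result.setdefault(system.room, {g: "normal" for g in GOALS})
        for goal in GOALS:
            room[goal] = max_level([room[goal], sys_req[system.name][goal]])
    return result


def needs_risk_analysis(sys_req):
    """Systems rated above 'normal' in any goal cannot rely on baseline measures alone
    and go on to step 4 (risk analysis), as BSI Standard 200-2 requires."""
    return sorted(n for n, req in sys_req.items() if any(rank(l) > 0 for l in req.values()))


# Constructed sample inventory (hypothetical names, not real systems).
APPLICATIONS = [
    Application("payroll", {"confidentiality": "very high", "integrity": "high", "availability": "normal"}, ["srv-01"]),
    Application("e-mail", {"confidentiality": "high", "integrity": "normal", "availability": "high"}, ["srv-01", "srv-02"]),
    Application("website", {"confidentiality": "normal", "integrity": "high", "availability": "normal"}, ["srv-02"]),
    Application("file share", {"confidentiality": "normal", "integrity": "normal", "availability": "normal"}, ["srv-03"]),
    Application("time recording", {"confidentiality": "normal", "integrity": "normal", "availability": "normal"}, ["srv-04"]),
]
SYSTEMS = [
    ITSystem("srv-01", room="server room A"),
    ITSystem("srv-02", room="server room A"),
    ITSystem("srv-03", room="office 1.12"),
    # Analyst judgement: the whole department stops working without time recording.
    ITSystem("srv-04", room="office 1.12", cumulation={"availability"}),
]

if __name__ == "__main__":
    sys_req = system_requirements(SYSTEMS, APPLICATIONS)
    for name, req in sys_req.items():
        print(name, req)
    print(room_requirements(SYSTEMS, sys_req))
    print("risk analysis needed for:", needs_risk_analysis(sys_req))
```

The output of `needs_risk_analysis` is the hand-over to step 4: only objects that end up above "normal" need the individual threat assessment, while everything else is covered by the baseline measure catalogue of step 5.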
4. Risk analysis
- Presentation of the threats to higher-level (cross-cutting) components
- Presentation of the threats to infrastructure components
- Presentation of the threats to the IT systems under consideration
5. Catalogue of measures
Standards of the institution for order processing, data protection and information security
6. Preparation of other applicable documents
Management, employees, infrastructure and IT department/service provider
Corporate compliance manual
In-house IT guidelines
- Locking plan
- Access control
- Authorization concept
- Deputisation plan: according to the organisation manual
- Employee sensitisation: Awareness campaigns – rules on the use of passwords
- Encryption of e-mail attachments
Maintenance concept / Infrastructure
According to responsibilities (from organization manual?)
- Management and executive: management and executive structure organisation chart
- IT role and staff: IT structure organisation chart
- Infrastructure & logistics: logistics structure organisation chart
Handling of security-relevant systems and services:
- IT service provider: maintenance contract, IT service/security agreement
- Internet access / DSL connection: handling of telecommunications and internet access
- Data and file deletion: handling of data and file deletion
- Property management / building services: handling of property management and building services
- Fire alarm control panel (BMZ): handling of the fire alarm system
- Cleaning service: handling of the cleaning service
- Software licenses and contracts
- Overview of contracts and IT
Virus protection concept
- Antivirus software