When was the last time you evaluated your IT security concept? Do you even have one? How do you create it? Who takes care of it? If something goes wrong, what do you do? Are you liable for it?

Act now!

Critical infrastructures have to be operational at all times and are required by law to take specific care of their IT security, e.g., with the help of an IT security officer.

IT Security Officer
from 400 € per month
  • An independent IT security officer who will provide you with unbiased support and advice on all IT security issues
  • Assurance that all the responsibilities of an IT security officer are being reliably fulfilled
  • Continuous consulting and concrete proposals for action to continuously ensure and improve your IT security

Read on for more detailed information, but don't wait too long. Time is of the essence.

Should every company have an IT security officer?

The German government provides a list of companies and industries that belong to Germany's critical infrastructure (KRITIS). These companies, known as IT-kritis, are required by law to appoint an IT security officer for the company, whose job it is to advise the company's management on IT security issues and support the implementation of necessary measures.


Regardless of whether your company is part of the critical infrastructure or not, you have a vested interest in protecting your IT systems and the data they process or generate. The German Federal Office for Information Security (BSI) was established in 1991 for this reason and developed the “basis for IT security” (IT-Grundschutz) as a proven methodology to increase information security in companies. One requirement of these basic protections is to have an IT security officer.

IT security is fundamentally about data protection. The loss of data or the failure of the systems that process data is critical for your company, its employees, and all your customers. Put simply, every company should be concerned with IT security for its own sake and, ideally, have an IT security officer.

Want a free consultation with an expert? Arrange a web appointment.

Critical infrastructure sectors and industries

Culture and media
  • Broadcasting (television and radio)
  • Printed and electronic press
  • Cultural institutions
  • Symbolic structures

State and local authorities
  • Government and administration
  • Parliament
  • Judicial facilities
  • Emergency/Rescue, including civil protection

Energy
  • Electricity
  • Gas
  • Mineral oil
  • District heating

Food
  • Farming and food industry
  • Grocery

Financial and insurance
  • Banks
  • Stock exchanges
  • Insurance
  • Financial services

Transport and traffic
  • Aviation
  • Maritime
  • Inland navigation
  • Rail transport
  • Road traffic
  • Logistics

Water
  • Public water supply
  • Public sewage disposal

Information technology and telecommunications
  • Telecommunications
  • Information technology

Health
  • Medical care
  • Drugs and vaccines
  • Laboratories

Why do I need an IT security officer?

While every company is different, one thing is true for all: An IT security concept is an essential part of operational planning. This is just as valid for the local hair salon as it is for the multinational corporation. Although the concept varies and includes aspects that are individually tailored to the specific company, an IT security concept serves every company in the same way as a safeguard for optimized business operations.

Your company is successful because of its ideas. It is important to ensure that these are adequately protected.

In daily business operations, a wide variety of risks inevitably arise, not only from the human factor, but also from the processes and IT systems used by the company. IT risk management is the means to holistically view, evaluate, understand and mitigate the existing risks associated with your IT landscape.

When it comes to decisions regarding IT security, we at IT-Kompass are an objective and informed partner who can advise you on the necessity and benefits of such investments.

Last but not least, managing directors for corporations are legally obligated to properly organize and manage the company under their control. They are also liable for damages resulting from failure to fulfill these obligations. This includes the management of a company's IT infrastructure and data. See Section 43 Directors’ Liability as pertaining to Limited Liability Companies (GmbHG).


What are the tasks and requirements of an IT security officer?

  • Provides management with an overview and current status of all activities and issues related to IT security
  • Creates an IT security guideline and the IT security concept for the organization in cooperation with management and ensures that it is always up to date
  • Creates IT documentation and maintains IT security policies and guidelines for the organization
  • Supports the establishment and operation of the IT security organization
  • Manages the resources available for IT security, including personnel, equipment and budget
  • Conducts training on IT security and related internal policies and guidelines
  • Guarantees the flow of information for IT security topics within the organization
  • Documents and evaluates the effectiveness of IT security measures
  • Leads the analysis and follow-up for all IT security related incidents
  • Serves as the point of contact for colleagues, external partners and customers in all matters related to IT security

Responsibilities of an IT security officer: Is your house in order?

When people think of IT security, they think of things like hackers and computer viruses. But it involves much more.


An unfamiliar USB stick

...which seems to be lying randomly in a parking lot but was purposefully placed there by an attacker expecting it to be connected to a computer later.

Social engineering attacks

...via phone, social media, email, or even mail - e.g. to the boss's secretary or the accounting department to gather information or arrange a payment.

Company data

...processed and stored on private devices or insecure systems pose the risk of data leakage, compromise, and access by unauthorized third parties.

An employee

...who knowingly causes damage - e.g. industrial espionage, data destruction or falsification.

Fire alarm!

Will all data remain confidential and equipment secure when the fire department arrives? Are computers locked at all?

A fake employee

Who is standing at the door taking a "break"? Can bogus employees or bogus customers gain unauthorized access to the building?

Passwords written down

Are passwords kept in a drawer, or maybe taped under the keyboard?

Access authorizations

Who has access to the server room and is access monitored?

Open office spaces

...often allow screens to be freely visible. Time for reading is not necessary. A quick photo with a cell phone is enough.

Basically, the following applies: IT security depends on the employees, their care in handling data and systems, healthy caution and, above all, their level of knowledge of IT and existing attack vectors.


Appoint an internal or external IT security officer?

Employing an IT security officer in-house may be the right solution for some companies, but the right choice depends on more than just the size of the organization. Even large companies often take advantage of external expertise and try to implement cost-effective, scalable solutions. The tasks of an IT security officer do not change in comparison. They are identical for any size company. The amount of work and the number of personnel may differ, but the responsibilities do not.

It is important to understand that the IT Security Officer is not responsible for managing an IT department, making all decisions related to IT, or managing various IT projects. This person is solely responsible for and fully committed to the conceptualization of IT security. As such, an external partner can be invaluable, as the advice and recommendations he or she offers are strategically sound and completely objective. The IT security officer is able to scale resources as needed, understands best practices, and has the perspective that comes from implementing solutions in different organizations and industries.

Good to know

The IT security officer is not responsible for managing an IT department, making all IT-related decisions, or managing various IT projects.

This person is solely responsible for your IT security and is fully committed to it.


Why is IT-Kompass your ideal partner for appointing an external IT security officer?

Especially if you have entrusted the maintenance and protection of your corporate IT to a service provider, you need to be sure that your IT infrastructure is optimally protected and that the work is carried out correctly by your service provider.

Neutrality is essential in the quantitative and qualitative assessment of the security level. This is where the IT security officers from IT-Kompass, who are certified by TÜV Rheinland, come into play by providing you with an independent point of contact.

Within the framework of this partnership, you will not just receive a one-time recommendation, but benefit from a regular and continuously adjusted overview of existing vulnerabilities and deficits, on the basis of which you can anticipate the path to an optimized IT security strategy for your company. We support you in this!

Even if you already work with another systems house, you can hire IT-Kompass as an external IT security officer. This gives you the opportunity to ensure a neutral view of your IT security.

What is the process like with an external IT security officer from IT-Kompass?

Have you recognized that your company is unprotected against IT risks and want to actively change this? Or have you already dealt with the issue but would like to put your company to the test and determine the current state?

We are here to help and can offer you an initial check in the form of a comprehensive information security analysis.

  • Within the scope of this analysis we determine the current protection level and show you your further optimization potential.
  • If you would like to have the appropriate concepts for optimization developed and implemented, our team of IT security officers and system administrators is at your disposal.
  • If you would like to implement your own IT security organization within your company, we are at your disposal to provide an IT security officer.
  • As an IT security officer, we will work with you to develop a security guideline and an IT security concept that suits you.
  • Regular monthly reports provide you with a constantly updated overview of the existing security level and offer further recommendations for action.
  • We are there for all your questions about IT security. You decide how much you need our support. If you are interested or have further questions, just give us a call.

The IT-Kompass team consists of dedicated and highly qualified subject matter experts who have specialized knowledge in areas such as IT security, cloud infrastructure, e-commerce, the development of software and mobile apps, network administration and digitalization. We are happy to assist you.

What does an IT security concept contain?

A good plan is never set in stone. It recognizes that circumstances and priorities can change. The plan serves as a guide for decision making and can be adjusted as needed, but without a plan you are acting aimlessly. An IT security plan addresses the following:

The concept...

  • ...defines what needs to be protected; what data and systems need to be protected against different scenarios; what equipment is needed; access to which software or resources.
  • ...prepares a risk and threat assessment with an estimate of the probabilities for various scenarios and the resulting damage to the company.
  • ...determines which measures can be taken within IT security to minimize both the risks and the resulting damage.
  • ...prioritizes the various areas within IT security based on estimated risks and damages.
  • ...assesses the effectiveness of current IT security measures.
  • ...estimates the resources (human and financial) required to resolve issues in the event of an incident.
  • ...is continuously reviewed and revised as needed.


Your request

If you are interested in an IT security officer or any other topics, just send us a request.

Or contact us by phone:
Monday through Friday 8:00 am – 5:00 pm
Telephone: +49-7162-14505-80

Our sales team is here for all your IT concerns and is happy to answer any questions you may have.
I’m glad to answer any questions and will be in touch.
Maximilian Richardson, Head of Sales