When was the last time you evaluated your IT security concept? Do you even have one? How do you create it? Who takes care of it? If something goes wrong, what do you do? Are you liable for it?
Critical infrastructures have to be operational at all times, and are required by law to take specific care of their IT security, e.g., with the help of an IT security officer.
Read on for more detailed information, but don't wait too long. Time is of the essence.
The German government provides a list of companies and industries that belong to Germany's critical infrastructure (KRITIS). These companies, known as IT-kritis, are required by law to appoint an IT security officer for the company, whose job it is to advise the company's management on IT security issues and support the implementation of necessary measures.
Regardless of whether your company is part of the critical infrastructure or not, you have a vested interest in protecting your IT systems and the data they process or generate. The German Federal Office for Information Security (BSI) was established in 1991 for this reason and developed the “basis for IT security” (IT-Grundschutz) as a proven methodology to increase information security in companies. One requirement of these basic protections is to have an IT security officer.
IT security is fundamentally about data protection. The loss of data or the failure of the systems that process data is critical for your company, its employees, and all your customers. Put simply, every company should be concerned with IT security for its own sake and, ideally, have an IT security officer.
While every company is different, one thing is true for all: An IT security concept is an essential part of operational planning. This is just as valid for the local hair salon as it is for the multinational corporation. Although the concept varies and includes aspects that are individually tailored to the specific company, an IT security concept serves every company in the same way as a safeguard for optimized business operations.
Your company is successful because of its ideas. It is important to ensure that these are adequately protected.
In daily business operations, a wide variety of risks inevitably arise, not only from the human factor, but also from the processes and IT systems used by the company. IT risk management is how you holistically view, evaluate, understand and mitigate the existing risks associated with your IT landscape.
When it comes to decisions regarding IT security, we at IT-Kompass are an objective and informed partner who can advise you on the necessity and benefits of such investments.
Last but not least, managing directors of corporations are legally obligated to properly organize and manage the company under their control. They are also liable for damages resulting from failure to fulfill these obligations. This includes the management of a company's IT infrastructure and data. See Section 43 Directors’ Liability as pertaining to Limited Liability Companies (GmbHG).
When people think of IT security, they think of things like hackers and computer viruses. But it involves much more.
...which seems to be lying randomly in a parking lot but was purposefully placed there by an attacker who expects it to be connected to a computer later.
...processed and stored on private devices or insecure systems pose the risk of data leakage, compromise, and access by unauthorized third parties.
...who knowingly causes damage - e.g. industrial espionage, data destruction or falsification.
Will all data remain confidential and equipment secure when the fire department arrives? Are computers locked at all?
Who is standing at the door taking a "break"? Can bogus employees or bogus customers gain unauthorized access to the building?
Are passwords kept in a drawer, or maybe taped under the keyboard?
Who has access to the server room and is access monitored?
...often allow screens to be freely visible. Time for reading is not necessary. A quick photo with a cell phone is enough.
Basically, the following applies: IT security depends on the employees, their care in handling data and systems, healthy caution and, above all, their level of knowledge of IT and existing attack vectors.
Employing an IT security officer in-house may be the right solution for some companies, but the right choice depends on more than just the size of the organization. Even large companies often take advantage of external expertise and try to implement cost-effective, scalable solutions. The tasks of an IT security officer do not change in comparison. They are identical for any size company. The amount of work and the number of personnel may differ, but the responsibilities do not.
It is important to understand that the IT Security Officer is not responsible for managing an IT department, making all decisions related to IT, or managing various IT projects. This person is solely responsible for and fully committed to the conceptualization of IT security. As such, an external partner can be invaluable, as the advice and recommendations he or she offers are strategically sound and completely objective. The IT security officer is able to scale resources as needed, understands best practices, and has the perspective that comes from implementing solutions in different organizations and industries.
The IT security officer is not responsible for managing an IT department, making all IT-related decisions, or managing various IT projects.
This person is solely responsible for your IT security and is fully committed to it.
Have you recognized that your company is unprotected against IT risks and want to actively change this? Or have you already dealt with the issue but would like to put your company to the test and determine the current state?
We are here to help and can offer you an initial check in the form of a comprehensive information security analysis.
The IT-Kompass team consists of dedicated and highly qualified subject matter experts who have specialized knowledge in areas such as IT security, cloud infrastructure, e-commerce, the development of software and mobile apps, network administration and digitalization. We are happy to assist you.
A good plan is never set in stone. It recognizes that circumstances and priorities can change. The plan serves as a guide for decision making and can be adjusted as needed, but without a plan you are acting aimlessly. An IT security plan addresses the following:
...defines what needs to be protected; what data and systems need to be protected against different scenarios; what equipment is needed; access to which software or resources.
...prepares a risk and threat assessment with an estimate of the probabilities for various scenarios and the resulting damage to the company.
...determines which measures can be taken within IT security to minimize both the risks and the resulting damage.
...prioritizes the various areas within IT security based on estimated risks and damages.
...assesses the effectiveness of current IT security measures.
...estimates the resources (human and financial) required to resolve issues in the event of an incident.
...is continuously reviewed and revised as needed.
If you are interested in an IT security officer or any other topics, just send us a request.
Or contact us by phone:
Monday through Friday 8:00 am – 5:00 pm
Telephone: +49-7162-14505-80