IT security from A to Z - the added value for your company

From awareness to access authorisation

IT protection is a multifaceted area with complex structures. Attacks on information systems are becoming increasingly professional. Meanwhile, companies are becoming progressively more dependent on their IT, which steadily raises the potential for economic harm.
This puts the spotlight on cyber security, which is becoming a key topic for companies of all sizes and needs to be factored in and implemented from day one. SMEs in particular are increasingly in the cross hairs of cyber criminals and are falling prey to attacks.


Defined goals of cyber security 

  • Detect attempted attacks
  • Protect systems and information from potential harm
  • Defend against actual attacks

These three disciplines (detect, protect and defend) must be implemented at all levels of IT in order to guarantee effective protection. This means that cloud services must be taken into consideration in addition to conventional IT (desktop, server, network, mail, web, etc.). Moreover, employees and their behaviour need to be included in an end-to-end assessment of IT security. They must be considered from two perspectives: as victims of external attackers and as potential attackers themselves.


The three levels of optimised IT security 

Broadly speaking, the benefits of reliable and working IT security can be divided into three levels, depending on the specific protection requirements:

| Added value | Basic IT protection | Enhanced IT protection | Optimised IT protection |
|---|---|---|---|
| Technical and organisational measures to bolster data protection | + | + | + |
| Standardised and centralised IT operating processes for efficient control | + | + | + |
| Easing of the workload on staff | + | + | ++ |
| Preventing economic harm | + | ++ | +++ |
| Minimising the risks of digitisation | + | ++ | +++ |
| Protecting data and information in line with the goals of the CIA triad: confidentiality, integrity and availability | + | ++ | +++ |
| Protecting the company’s reputation and preventing damage to its image | + | ++ | +++ |
| Improving the company’s solvency and credit rating | + | ++ | +++ |
| Reducing the premiums for cyber security insurance policies | + | ++ | +++ |
| Improved protection of expertise and technical competency | + | ++ | +++ |
| Avoidance of downtime | + | ++ | +++ |
| Fulfilment of standards for certification or contractual compliance | + | ++ | +++ |
| Reducing the risk of espionage, sabotage and blackmail | + | ++ | +++ |
| Reducing the risk of inside jobs | + | ++ | +++ |
| Early detection of risks | | + | ++ |
| Excellent technical protection | | + | ++ |
| Establishing transparency for the IT security status | | + | ++ |
| Satisfaction of regulatory requirements (critical infrastructure, BaFin, ...) | | | + |
| Automation of security-relevant specifications | | | + |
| Faster responses to security incidents | | | + |