IT Information Security & IT Security
Structure according to BSI basic protection and ISO270001
The term IT information security means the conception of a management system that can protect your company data (and customer data!) in the best possible way.
In order to develop a well-founded concept that can also withstand an audit, the ISO27001 standard based on the BSI (Bundesamt für Sicherheit in der Informationstechnik) standard is used.
IT information security helps to ensure the integrity, confidentiality and availability of information. In this way, information can be protected against dangers such as unauthorized access or manipulation. In the corporate environment, this prevents economic damage (including damage to the company's image).
IT information security can be achieved through numerous measures. These are part of an information security concept and include both technical and organizational measures.
In principle, the security of information in the company is the responsibility of the management. The central core component of information security is the information security management system (ISMS).
An IT security concept goes hand in hand with the GDPR. The European General Data Protection Regulation establishes an inseparable link to a sound IT security concept via various paragraphs. This should be structured according to current standards. For small and medium-sized enterprises, this structure is recommended according to BSI-Grundschutz.
IT Security on the basis of the BSI basic protection model is perfectly scalable
IT information security thus has a strongly management-oriented approach and deals with guidelines, organizational structures, areas of responsibility, etc..
IT security based on the BSI (Bundesamt für Sicherheit in der Informationstechnik) basic protection model, on the other hand, addresses the actual implementation of the tasks/tasks defined in the IT information security framework.
IT security thus represents a subarea of IT information security. By combining the IT basic protection model and ISO27001, one obtains optimal information security.
Many of our customers prefer to use the BSI basic protection model standard, which is suitable for both small companies and large groups.
The contained security measures can be used as a basis for security concepts, and are adapted to the specific conditions of the respective institution, company. The implementation is carried out for the steps: planning and conception, procurement, implementation, operation and retirement as well as emergency readiness.
machCon helps you to successfully introduce and implement the BSI basic protection model. In doing so, we proceed according to the current BSI standards (e.g. BSI standard 200-2 IT basic protection methodology).
Why take care of IT Security?
- SMEs are not exempt
- New attack quality raises threat level to a new level and requires flexible countermeasures on the part of defenders, SMEs also increasingly affected
- 70 percent of companies have fallen victim to cyber attacks in 2016/2017, according to a survey by the Alliance for Cyber Security (2/3 of respondents are SMEs)
- 16 million warning emails were sent out by the BSI to draw attention to dangerous situations
- Around 390,000 variations of new malware were spotted every day in 2018
- DDoS attacks with up to 190 Gbit/s were detected in Germany in the first quarter of 2018
What is the hazard situation?
- Malicious programs
- Service prevention (DDoS, targeted system crashes)
- social engineering
- Man-in-the-middle attacks
- Advanced Persistent Threats (APT)
- Vulnerabilities in software and hardware
- Data loss
- Theft/loss of data media
- Fire & Water
- Inadequate information security strategy
- Poor configuration of IT systems/applications
- Non-observance of security precautions
- Careless use of passwords and security mechanisms
- Insecure networking and Internet connectivity (e.g., inappropriate or missing segmentation)
- Poor maintenance of components
- Inadequate protection against burglars and natural hazards (e.g., water damage)
*all information originate from the BSI (Bundesamt für Sicherheit in der Informationstechnik)
Any further questions?
We are happy to assist you personally for any further questions.