The dependancy on electronic data and information is increasing more and more due to the progress of digitalisation in all areas of life. The internet and networking of all private and public areas contribute to the fact that information must always be availible everywhere.
IT is double-sided. On the one hand information can be easiliy processed, made availible to employees, partners and suppliers and archived easily.
But on the other hand data is not availible when it is needed or has been manipulated. Employees need to be trained and sensitised. Information can easily leak out without appropriate protective measures.
Therefore the power of IT shouldnˋt be underestimated. It is essential for companies that only entitled individuals gain access to sesible data. Otherwise, the company may be at a competitive disadvantage or the economic future of the company may be jeopardised.
The protection of your data is a great challenge, which we will overcome together.
In doing so, we not only focus on digital data, but also take an integrated look at your information and its paths.
External Security Officer
Not only legal duties of care require appropriate protection of your information. Your clients, partners and service providers as well expect that all data is protected in accordance with the prevailing secruity standards. This applies in particular to secruity standards and precautons concerning the availability, integrity and confidentially of information.
Compliance with due diligence is of enormous importance for avoiding liability cases and therefore also serves your own protection. An elementary builing block in a secruity concept shoulld therefore be the IT secruity officer. He or she works hand in hand with the company and IT management.
Take advantage of the benefits of an external IT secruity officer. Especially for small and medium-sized enterprises, this is an opportunity to reduce personnel expenses and save costs.
Our certified employees support you in all questions concerning the security of your IT. We check your current secruity measures and show you ways to make your data more secure. We will be pleased to draw up a comprehensive IT secruity concept for you and, if you wish, we can provide you with an external IT secruity officer on a permanent basis.
Some typical services of an IT secruity officer are:
- Create and maintain safety and emergency concepts
- Risk management according to ISO27005 or BSI Staandard 100-3
- Create and maintain IT security guidelines or system documention
- IT-security awareness training for employees
- Vulnerability analysis
- Creation and maintenance of access/authorisation concepts (identity/access management)
- Create and maintain access concepts
- Create and maintain a physical secruity measures concept
- Creation of IT secruity reports/secruity reports
Information Secruity - Information Management
Your information and data are important assets for your company and are consistantly subject to various threats, such as espionage and hacking attacks or physical impacts, such as floods or fire.
Another recurring cource of danger in terms of information leakage.
Information security includes the identification, assessment and treatment of risks. In this process, your secruity requirements usually result from three sources:
- Risk management
- Legal requirements and contracts
- Own goals, guidelines, principles
In order to effectively introduce or improve your existing or planned information secruity management system (ISMS), it is of enormous importance to have a holistic view of information management. In addition to technical and organisational secruity measures (entry, admission, access), all information and communication chanells must also be covered. Furthermore, the ISMS must be supported by the management level. This and regular training of employees are important guarantees that the ISMS will work efficiently.
As in IT, the focal point of an ISMS lies on the tree classic values of information secruity:
- Availability - Information is availible at the desired time and place
- Integrity - Information is correct and complete
- Confidentiality - Information is not accessible and available to unauthorised individuals
The certified auditors of Lumen IT Consulting GmbH are your contact for the consultation and introduction of an information secruity management system (ISMS) and the implementation in existing management systems. It is irrelevant whether you want to protect your company for your own purposes, for the external presentation to clients, partners or suppliers or whether you are aiming for a certification according to ISO 27001.
We will develop a concept with you that is individually tailored to your needs, provide staff training and realise the achievement of your security goals.