IT Security - Nov 19, 2021
Information Security Management Systems - A key topic.

by Frank Peter, Philipp Schütz

Information security and IT security: they're essentially the same thing, right? Think again. Although the two terms are often used interchangeably, there is a world of difference between them. IT security primarily describes the handling of technical systems, i.e. hardware and software. Information security, on the other hand, covers the entire company, including staff, processes and even the building's architecture, which shows quite clearly that information security is a key topic that affects every single employee. An Information Security Management System (ISMS) can help to keep an overview of these complicated factors and their interplay.

written by

Frank Peter
Head of Data Protection and Data Security

E-Mail: frank.peter@bechtle.com

Philipp Schütz
Senior Consultant Data Protection and Data Security

E-Mail: philipp.schuetz@bechtle.com

An ISMS concept includes all kinds of rules, tools, measures and procedures to preserve the security of important corporate information. A report recently released by the Federal Office for Information Security (BSI) showed how important it is to approach this topic holistically and not to take it too lightly. It described several dynamic cyberattacks on companies and organisations from different sectors over the past few months. The most useful method identified was to "use a management system for information security in accordance with IT standard protection", as this helps to recognise dangers, reduce risks and significantly improve the standard of information security with the right measures.

The current situation is a reason, but not the sole reason, to devote more time and attention to the topic. Several laws passed in recent years have raised the incentive to act. The IT-Sicherheitsgesetz 2.0 (IT Security Law), for example, which was passed in May 2021, drastically increased the requirements for operating critical infrastructure. This includes energy and water providers as well as hospitals, which will be obliged in future to run systems for attack detection. In the meantime, providers and customers are getting up to scratch, too. They now expect business partners to close existing security gaps.

First steps to an ISMS.

None of this pressure should be required, as it's in the interest of every CEO and manager to protect the heart of their companies, which in most cases means employees and their data.

One way to establish an ISMS and gain an overview of the situation is to carry out a risk analysis. This will identify the risks and threats that could potentially become a real danger for the company. The next step is to look more closely for potential weaknesses. At the same time, the security measures currently in place should be documented so that they can be integrated into the larger system and, if required, be modernised. An ISMS is not a revolution; it's an evolution of company-wide information security.

It's about recognising what is right and making the change. This can be done in a number of ways. To find the right one, you could carry out a survey of your employees, which will reveal their perspective of the risks at hand. Another way of doing it is to carry out a cyber security check, which will offer a simple introduction to checking out the security levels. In addition, audits and certifications can also help detect and plug up loopholes. As a general rule, external consulting, such as that offered by Bechtle, has the great advantage that a neutral body with a lot of experience and an unbiased view from the outside can often identify security gaps that were difficult to identify internally.

War on silos.

Although a lot of companies have established security measures, these in themselves can cause problems. On the one hand, many of these are no longer up to date. Access regulations, for example, are often introduced but, over the years, are no longer meticulously maintained everywhere. On the other hand, companies often introduce new security solutions whenever they need them, leading to a silo scenario instead of a holistic interplay of the different systems. To keep all systems connected and reveal loopholes, an ISMS is absolutely necessary. Just like in football, missing coordination where it's needed most can easily lead to an own goal.

So step up your game. An ISMS increases your information security and saves costs by eliminating redundant procedures. This way, employees receive a fixed set of rules that tells them what is universally accepted and what is not. And please, don't leave the responsibility up to your IT department. It's up to everyone in the company to secure daily business and privacy. However, the primary responsibility for this lies with the management, which determines the guidelines and sets the framework for an ISMS. We're happy to help you should you require any assistance. Get in touch to find out more about our many services and solutions relating to information and IT security: It-security@bechtle.com.


Disclaimer

Bechtle AG published this content on 19 November 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 19 November 2021 10:12:07 UTC.