How can attacks be avoided?
✓ Ensure essential controls are met
✓ Find, track, and assess data
✓ Monitor event logs

What do attacks have in common?
75% were not discovered
83% were not highly difficult
87% were avoidable

How do breaches occur?
62% system error
59% hacking and intrusions
31% incorporated malicious code
22% exploited a vulnerability
15% physical threats

Who is behind data breaches?
73% resulted from external sources
18% were caused by insiders
39% implicated business partners
Risk Management & Emergency Planning
Statutory and supervisory requirements for company security are becoming ever stricter. Standards such as Basel II, which requires functioning IT security management as part of company risk management, are only the start of the provisions to come. In principle, the structure of company processes and arrangements is left to the companies themselves, who decide on their own responsibility which security measures are necessary. Only when a serious incident occurs are the precautions that were taken subjected to a possible legal review. It makes no difference whether processes or whole departments have been outsourced to other companies: if the IT department cannot be proved to have committed any errors, liability rests solely with the director or management. To avoid such a situation, it is worth having the existing processes and infrastructures tested and evaluated by external service providers.

Adequate protection of company data must be the highest priority. This gives us the task of building up IT baseline protection, consisting of organisational, personnel and technical measures across all IT components. IT components that particularly require protection must also be secured with additional security measures. The challenge is to achieve such adequate protection with an economically justifiable investment. IT risk management is the continual exercise, within the company, of systematically planning, implementing and controlling an adequate level of IT security.

Phase 1: Identification of the components to be protected
Starting from the business processes, the critical components are identified. They are divided into applications, systems and infrastructure, and into externally or internally operated. On the basis of this classification, the further procedure for the necessary IT security provisions is defined.

Phase 2: Conducting the protection requirement analysis
The identified components are subjected to a standardised protection requirement analysis. The following points are considered:

Phase 3: Setting up comprehensive IT baseline security
In this step, the identified components are collected into groups of equal priority and provided with IT security measures, which can be either technical or organisational. The description of the provisions on IT baseline protection is linked.

Phase 4: Emergency planning
This step builds on the findings of the protection requirement analysis. If the availability requirement exceeds a limit to be defined, we design procedures for how to act in an emergency. This is equivalent to a business continuity plan for processes and applications, or a restart plan for the systems.

A risk management project, with the procedures and documentation it produces, can only survive in everyday operation if the process is continuously practised. Repeated exercises such as tests, updates and assessments must be executed with the same diligence as the first four phases. It can be expensive if a crisis is reacted to wrongly or a new system is not contained in the emergency handbook. Our services are intended to offer you adequate assistance in finding the correct solution for you. We support you in data collection, evaluation, and selection of the correct management application. We look forward to meeting your challenge.