Information Security and Data Protection

ISMS | Secure Technology | Secure Processes | Secure Employees | Awareness Campaigns and Live Phishing Training

Information security and data protection

Safe employees for a sustainable safety culture

 

Cybercrime is part of digitalization.

Attacks on digital infrastructures and digital services are increasing worldwide. Cybercrime has professionalized into a well-organized shadow economy based on the division of labour – not to say an industry.

Artificial intelligence helps cyber criminals in all phases of an attack and makes attacks largely automated and targeted. This exponentially increases the number of possible attacks and attack variants. Cyber criminals now need less than 3 seconds of a voice message to clone a person’s voice using generative AI and thus falsify a phone call, a conversation or a video.

 

High-value targets have priority

Cyber attacks strive for efficiency. High-value targets – targets where “good” results can be achieved with little effort – are particularly popular for this reason – and particularly vulnerable.

The legislator has responded and, with NIS2, is placing high demands on companies and organizations of certain sizes or in critical infrastructures in terms of measures for damage prevention, business continuity management and resilience.

 

Employees need to be trained

Almost all successful attacks on information security require the “help” of someone who operates a computer: developers who pay attention to functionality but not to security; system administrators who do not sufficiently secure software and devices; administrators who disregard information security and data protection requirements in their work; and finally users who take security for granted and do things with the user interface that no one has thought of.

The Security Operations Center (SOC) must therefore also include a Security Learning Center (SLC), which offers role-based training for employees and users. Information security is not possible without trained personnel, which is why staff training is now also required by law.

To paraphrase Loriot: security against cyber attacks without a learning environment is not only impossible, but also pointless.

As the weakest link in the security chain, people play a special role in information security – which is why awareness measures such as awareness training/live phishing training are extremely important.

 

Information security management: technology, people, processes

Information security arises from the interaction of technology, the organization with its processes, and people. It is no coincidence that an ISMS (Information Security Management System) is at the beginning and center of all efforts.

Information security management is successful when technologies, people and processes are coordinated and can adapt quickly, flexibly, sustainably and permanently to ever-changing threat situations.

 

  • Technologies – secure technology, controlled access to buildings, devices and services
  • People – awareness-raising, training, security culture
  • Processes – guidelines, risk management, crisis management, corporate communication

 

We advise you. Contact us!

Technology

Secure infrastructure for your information

Your information needs a secure IT infrastructure. We support you in securing data storage, data transfer and data processing on your own devices, in the cloud and on related devices and networks.

Among other things, this includes:

  • Documentation and assessment of your current technical security status based on the ISMS framework you are planning or already using
  • Support in planning your security measures
  • Help with the configuration of technical components and protocols
  • Consultation on the monitoring of your IT infrastructure, with reports on deviations

People

Awareness campaigns, phishing simulations, training courses

We help with the preparation and implementation of awareness campaigns, phishing simulations and with the creation and implementation of training concepts for a learning environment that does justice to the human factor in information security and complies with legal requirements.

An interdisciplinary team of psychologists, technicians and communication experts will support you in implementing a holistic concept that will strengthen your human firewall in the long term.

Processes

Security processes and safety culture

Information security is only ever as good as the security processes and security culture of an organization, be it a business, a government body or another organization.

We support you in the design and implementation of your ISMS (Information Security Management System) and your security strategy.

Our premises are “help for self-help” and “viable information security” within the scope of your needs and possibilities. The result complies with current national and international reference standards, the current legal situation and prior case law.

ISMS

ISMS: Information Security Management System. We advise you.

Practitioners in Schleswig-Holstein have therefore developed a procedure with SiKoSH that also enables organizations with little time and few resources to set up a professional ISMS (Information Security Management System), to safeguard the organization and to comply with legal obligations.

The SiKoSH procedure can be certified as BSI basic security and is a perfect, low-effort entry into the ISMS topic.

We help you to implement an information security management system and ensure that you can continue the ISMS processes independently in a continuous optimization process.

Social Engineering – the human being as the weakest link in the safety chain

The famous and infamous hacker Kevin Mitnick described the situation in a hearing of the U.S. Senate with these often-quoted sentences:

“It is important to keep the overall situation in mind: people use insecure methods to verify security measures. The general trust in the security of the telephone system is certainly wrong and the example I have just described shows the reason for it. The human side of computer security is easily exploited and constantly overlooked. Companies spend millions of dollars on firewalls, encryption and secure access to resources. But all the money is wasted, because none of these measures address the weakest link in the safety chain: the people who use, manage, operate and are in charge of computer systems.”

Kevin Mitnick became known as the first social engineer in information systems.

Social engineering is a collection of methods that exploit innate or habitual human reactions to induce people to do things that are not necessarily in their own best interest.

 

 

The most important social reactions are:

  • Reciprocity
  • Commitment & consistency
  • Social proof
  • Authority
  • Sympathy
  • Shortage

 

Combined with cognitive engineering techniques and the exploitation of cognitive biases, these reactions give cybercriminals a range of effective tools for attacking employees and customers.

Please contact us if you have any questions about the tools we use in a Phishing Awareness Campaign!

Interested? Call us!