Our Technology

information security

Security is not a permanent state which, once achieved, will never change. Every organisation and public agency is subject to continuous dynamic changes. Many of these changes also affect information security due to changes in the business processes, tasks, infrastructure, organisational structures and the IT.

Managing and maintaining information security

The management level must actively initiate, manage and supervise the security process.A strategy for information security as well as IS objectives must be agreed. The impact of information security risks on the business operation and on the fulfillment of tasks.

making continuous improvements

Establishing information security is not a project with a limited time span but a continuous process. The appropriateness and effectiveness of all elements of the information security management system must be checked continuously. This means that not only individual information security safeguards must be checked but also that the information security strategy must be reviewed on a regular basis.

Reports to the management level

The upper management must ensure it is kept informed regularly about problems, the results of reviews and audits, the latest developments, altered prevailing conditions and opportunities for improvement so that it can fulfil its management function.

information sources and experiences

Information security is a complex issue, so the persons responsible for it must familiarise themselves with it very carefully. There are very many sources of information available that can be used for this. These include, among other things, existing norms and standards, Internet publications and other publications. Furthermore, co-operation with associations, peers, committees and other companies or public agencies as well as CERTs should be used for exchanging experiences about successful information security activities. Since the subject of information security is very broad, it is important to identify and naturally document the information sources and co-operation partners that are appropriate for the particular institution and the prevailing conditions.

What We Do

Resources for IT

Maintaining a particular level of information security always requires financial and personnel resources and time, which must be made available in sufficient quantities by the management level. If set objectives cannot be achieved due to lack of resources, it is not the fault of the persons responsible for implementation, rather, it is the fault of the superiors who have set unrealistic targets or have not made the necessary resources available.

Involving personnel in the information security process

Information security concerns all personnel without exception. By acting responsibly and with quality awareness, every individual can avoid damages and contribute to success. Increasing the awareness for information security and providing appropriate training for staff members as well for as all management personnel are therefore fundamental prerequisites for information security. In order to be able to implement security measures as planned, personnel must have the necessary basic skills to do so.

Planning the information security process

An information security management system does not necessarily have to be introduced for an entire institution. The area of application within which the ISMS should apply must therefore be specified first. The area of application frequently includes the entire institution but it can also, for example, relate to one or more tasks, business processes or organisational units. In this case it is important that the considered tasks and business processes are completely contained within the selected area of application.