p.groove {border-style: none; background-color:orange; width:150px; height:50px; position: fixed; right: 1px; bottom: 0px; z-index: -1;} .imag{ margin: 20px 0 -50px 10%; } @media only screen and (max-width: 1440px) { .imag{ margin: 0 0 -3% 18%; } .header { padding: 1px 0; height: 99px; } } @media only screen and (max-width: 768px) { .imag{ margin: 0 0 -5px 70px; } .icon-list { padding: 1em 2% 0.8em ; } .logo h1 a { position: relative; top: -50px; } .social-icons ul { position: relative; top: -16px; } .header { padding: 1px 0; height: 75px; } } @media only screen and (max-width: 425px) { .imag{ margin: 0 0 -20px 40px; } .header { padding: 1px 0; height: 63px; } } @media only screen and (max-width: 320px) { .imag{ margin: 0 0 -10px 30px; } .logo h1 a { position: relative; top: -41px; } .social-icons ul { position: relative; top: -16px; } .header { padding: 1px 0; height: 63px; } } @media only screen and (max-width: 1024px) { .imag{ margin: 0 0 -3% 13%; } .header { padding: 1px 0; height: 99px; } .logo h1 a { position: relative; top: -48px; } .social-icons ul { position: relative; top: -16px; } } images

Our Technology

Risk assessment

Every risk assessment must comprise the following steps: The information and business processes that are to be protected must be identified. All the relevant threats pertaining to the information and business processes that are to be protected must be identified Vulnerabilities which the threats can use to take effect must be identified

Selecting information security safeguards

Specific information security safeguards can be derived from the general information security objectives and information security requirements that the management level has specified. When selecting security measures, the cost-benefit aspects and the practical feasibility must also be considered.

Management appraisals

The management level must be kept informed about the results of the checks at regular intervals and in an adequate manner by the information security management. The problems, successes and opportunities for improvements should be pointed out.

IDetection of information security incidents

Measures must be implemented that allow information processing errors (which can compromise confidentiality, availability or integrity), mistakes that are critical to security and information security incidents to be avoided as far as possible, to be limited in their impact or at least noticed early on. The following, for example, can be used to detect security problems at an early stage: tools for monitoring systems, integrity checks, keeping a log of access, actions or errors, controlling the access to buildings and rooms or fire sensors, water sensors and air-conditioning sensors.

Specifying the area of application

An information security management system does not necessarily have to be introduced for an entire institution. The area of application within which the ISMS should apply must therefore be specified first. The area of application frequently includes the entire institution but it can also, for example, relate to one or more tasks, business processes or organisational units. In this case it is important that the considered tasks and business processes are completely contained within the selected area of application. Within the context of IT-Grundschutz, the term "information domain" is used for the area of application. It then also covers all the infrastructural, organisational, personnel and technical components that serve to fulfil the tasks in this area of application of information processing.

What We Do

policy for information security

A policy for information security must be drawn up in order to achieve the set information security objectives. For greater clarity, a separate chapter has been set aside to explain how a policy for information security can be planned and implemented and maintain the level of information security and improve it.

Performance review

A performance review and evaluation of the information security process by the management level should be performed regularly (management appraisal). If and when the need arises (for instance, if information security incidents are occurring with increasing frequency or if there are serious changes to the prevailing conditions), meetings must also be held between the scheduled times. All results and decisions must be clearly documented .


Development of the security concept To fulfil the information security objectives and achieve the aspired level of information security, an understanding must first be developed for how IT risks can threaten the fulfilment of tasks and business processes depends on the confidentiality, integrity, and availability of information. Therefore it has to be examined, which threat scenarios like force majeure, organisational shortcomings, human failure or IT risks threaten business processes