At the beginning there is the safety concept.
The development of a security concept is often the beginning of information security management. The aim of the security concept is to identify the necessary need for protection of information, systems and processes and to define measures that are suitable for achieving a level of security appropriate to this need for protection. In this regard, based on the experience of the SRC, the following approach is appropriate:
-
Identification of objects worthy of protection and their need for protection
-
Analysis of the threats acting on the objects
-
Qualitative assessment of probability of occurrence and potential amount of damage
-
Definition of measures to reduce the probability of occurrence / extent of damage
-
Implementation of measures
-
Identification of residual risks remaining after implementation of measuresDetermining how to deal with residual risks
In this way, risks can be assessed in a structured manner (risk analyses) and measures for risk treatment can be defined.
Our offer
SRC supports you in the creation of security concepts and in the selection as well as implementation of concrete measures on various topics.
Examples of important subject areas include:
Development of secure networks
In heterogeneous networks, there are areas that require more protection than others – internal networks must be secured against attacks from the public network, network servers must be highly available. We also solve these tasks together with you, create a suitable concept and support you in its implementation.
Emergency concepts
Being able to maintain business operations even in the event that parts of or the entire IT infrastructure fails is the goal of emergency concepts. Together with you, we determine the essential business processes, prioritize them and identify the dependency of these processes on IT. Depending on the prioritization of the processes and the maximum tolerable IT downtime, we define measures to ensure that the tolerable downtime is not exceeded.
Maintenance through safety management
To ensure that the safety level once achieved by a safety concept can be maintained permanently, it is advisable to establish a process for permanently updating the concept as part of a safety management system.