Achieving a defined level of security:
The security concept

In the beginning is the security concept.

The development of a security concept is often the beginning of information security management. The aim of the security concept is to identify the necessary protection requirements of information, systems and processes and to define measures that are suitable for achieving a security level appropriate to this protection requirement. Based on the experience of SRC, the following procedure is suitable:

Identification of objects requiring protection and their need for protection
Analysis of the threats affecting the objects
Qualitative evaluation of probability of occurrence and potential damage amount
Definition of measures to reduce the probability of occurrence / amount of damage
Implementation of measures
Identification of the remaining risks after implementation of the measures
Determining how to deal with residual risks

This allows risks to be evaluated in a structured manner (risk analysis) and risk management measures to be defined.

Contact

Detlef Kraus

Sales

Our services

SRC supports you in the development of security concepts and in the selection and implementation of concrete measures on various topics.

Examples of important topics are:

Development of secure networks

In heterogeneous networks there are areas that require more protection than others — internal networks must be protected against attacks from the public network, network servers must be of high availability. We solve these tasks in close cooperation with you, create a proper concept and support you in its implementation.

Contingency plans

The goal of contingency plans is to be able to maintain business operations even in the event that certain parts or the entire IT infrastructure should fail. In cooperation with you, we determine the essential business processes, prioritize them and identify the dependency of these processes on IT. Depending on the prioritization of processes and the maximum tolerable downtime of the IT, we define measures to ensure that the tolerable downtime is not exceeded.

Maintenance through security management

To ensure that the security level once achieved by a security concept can be maintained permanently, it is advisable to establish a process that allows the concept to be permanently updated as part of a security management system.