Preventive measures alone are no longer enough for comprehensive protection: attack patterns, tools and IT systems change so rapidly that attacks on or infiltrations of private systems are often detected too late or not at all. What is needed is a solid, strategically integrated IT security architecture that unites prevention, detection and reaction. Otherwise, the security approach remains a mere patchwork and comprehensive protection cannot be achieved.
The internal organization must also be oriented towards these security requirements. Data protection officers and IT security officers are long-established roles in enterprises. The chief security officer (CSO) or chief information security officer (CISO), the central Security Operation Center (SOC) / Cyber Security Operation Center (CSOC) and the respective cyber emergency response teams (CERT) complete the organizational structures, especially in large enterprises.
Measures and solutions for governance, risk and compliance support the different parties and the enterprise in their goal to focus on and enforce both the entrepreneurial and legal requirements regarding risk management, data security, data protection and corporate actions.
CONET aligns its IT security solutions with the relevant legal and regulatory conditions regarding governance, risk and compliance. This includes:
- The basic principles of the BSI, such as IT-Grundschutz (IT baseline protection) and its comprehensive guidelines for good security practice, e.g. Common Criteria (CC) or Technical Guidelines (TR)
- The specifications of the IT security law (IT-SiG) as well as the security catalogue of the Bundesnetzagentur, especially for critical infrastructures (KRITIS) such as communication, energy and water providers
- Regulations and certification guidelines of ISO 27xxx
- GRC practices, guidelines and frameworks such as those of ISACA, (ISC)² and NIST, as well as ITIL or PRINCE2 for project management and operations