Information Security Management Redesigned
The automated way to achieve appropriate IT security levels
Organisations and public authorities demonstrate a systematic approach to securely managing their IT systems by installing an information security management system (ISMS) that is based on the IT-Grundschutz methodology of the German Federal Office for Information Security (BSI). In light of shorter product life cycles and increasingly complex IT infrastructures, it is not simple to continuously manage and maintain appropriate IT security levels according to these guidelines: the selection of the security measures as well as the monitoring of their successful implementation represents a growing challenge for security officers and is hardly manageable with existing resources. How can an appropriate IT security level according to IT-Grundschutz nonetheless be implemented reliably and sustainably?
Not just a tool but a completely new methodology
Our answer to this question is “automated IT-Grundschutz” (aGS): aGS is not just a tool but a completely new methodology which helps to implement secure target configurations within a short period of time for a number of technologies. Their implementation is reliably and automatically checked and the results documented in compliance with BSI standards.
The core of the new aGS methodology is the idea of modelling the IT network using pre-defined security modules (SiM) which define standardised security requirements for each class of target objects. They not only contain the guidelines from the BSI Grundschutz elements but also best practice recommendations for each technology and product version. The SiM are therefore much more precise. Thanks to the “translation” of technical measures into specific settings, they can be checked automatically. And for all non-technical measures, the SiM specify detailed multiple-choice questions which can be quickly and easily answered by the relevant employees themselves via web surveys.
The existing security modules - currently a total of 75, 40 of which are for systems, networks and applications - are ready for immediate use. Therefore, companies, public authorities and operators of critical infrastructures can already implement the IT-Grundschutz methodology and benefit from significant savings in time, cost and resources. Additional SiM are continuously added.