
CYBER SECURITY CHECK (IT)

Performing CSCs in the office IT of companies and authorities worldwide.

No minimum requirements!

 

Neither an ISMS nor documents on the organizational and security structure are necessary to carry out a cyber security check. Furthermore, there are no requirements regarding the current progress in the implementation of security measures.

 

You can have the check carried out regardless of the current state of your security infrastructure.

What clients and cooperation partners say:

"A complete professional, through and through! As part of a comprehensive ISO 27001 certification, Mr. Borgers gave us crucial recommendations as part of a third-party audit prior to the certification, so that we successfully passed the ISO 27001 certification audit right at the first attempt. His way of working was characterized by extreme care, thoroughness, foresight and outstanding specialist knowledge. Deadlines were always met on time. I can recommend Mr. Borgers without reservation. Anyone who wants to implement an ISO 27001 certification effectively is in good hands with him."
Martin Kerkmann via LinkedIn | EPLAN

The Cyber Security Check for the office IT of companies and authorities is based on the free Cyber Security Check guide, which was developed by the German Federal Office for Information Security (BSI) in cooperation with ISACA Germany Chapter e. V., the professional association of IT auditors, IT security managers and IT governance officers. The check offers a comprehensive review of your IT systems and networks in order to identify potential risks and enable early treatment. It is specifically geared towards the need to protect office IT and helps companies and authorities to drive forward targeted measures to improve their IT security.

 

Protecting office IT is particularly important today, as a variety of threats from the Internet can have a direct impact on the security of data and systems and thus on business processes. One of the biggest threats is cyber attacks. By using malware and ransomware, attackers can gain control of IT systems and steal, manipulate or even delete sensitive data. Another threat is the human component, particularly in the form of phishing attacks. Here, employees are deliberately tricked into revealing sensitive information such as passwords or access data using fake emails, websites or messages. Under certain circumstances, these attacks can even bypass multi-factor authentication (MFA), leading to significant security breaches and data leaks. The growth of cloud-based applications and the increasing use of mobile devices are also steadily increasing the risk of security breaches and data leaks. Many companies are increasingly dependent on cloud-based applications to digitize their business processes and make them more flexible. However, this can also lead to new vulnerabilities in IT if, for example, the applications are insufficiently or incorrectly secured.

 

In order to minimize these and other risks, it is essential that companies and authorities regularly check their office IT for security gaps and take measures to eliminate them. The Cyber Security Check (IT) can help with this by offering a comprehensive check of IT systems and networks. The measures from the free Cyber Security Check guide are tailored to the specific needs of office IT and also take current cyber threats into account. They include, for example, checking the network and system configuration, access rights, security measures, updates and patch management, as well as backup and recovery procedures. By implementing the measures contained in the guide, companies and authorities can eliminate many security gaps before they are exploited by attackers.

No ISMS required

Every ISMS (Information Security Management System) requires a comprehensive understanding and management of information security within the company. Extensive processes must be implemented and constantly monitored in order to ensure the desired level of information security. The advantage of the Cyber Security Check (IT) is that it can be carried out independently of an ISMS. No ISMS is required to check and improve cyber security in the area of office IT. The check can be carried out at any time in an organisation's security process; neither documentation on the security process nor a certain level of progress in the implementation of security measures is required. It can therefore be a time- and cost-efficient solution for companies that want to improve their cyber security in office IT in a timely manner.

Subject of the check

The Cyber Security Check (IT) basically covers the entire organisation, including its connections to the internet, connections to the internet via other organisational units (excluding operational technology) and all connections to other networks, such as networks of partners, service providers and customers. Control systems, e.g. for fire alarms, access control and video surveillance, are also taken into account, even if they are not directly accessible via the internet, as they may be affected by indirect attacks and then establish an external connection. Physical security (environmental events, spatial security, etc.), on the other hand, is not part of cyberspace and therefore plays only a minor role in the Cyber Security Check (IT).

The procedure

When conducting the Cyber Security Check (IT), it is important to determine the scope and complexity of the object to be assessed in order to be able to estimate the effort required. Before the check is carried out, a common understanding should be created of which systems are to be checked. The scope should then be approved at management level, for example by the company management or the head of the authority. The scoping can already be part of the assignment and define a time frame. In complex and extensive environments, it may be useful to carry out the scoping in advance. The implementation strictly follows the free Cyber Security Check guide and therefore consists of the following steps:

  1. Placement of order
  2. Risk assessment
  3. Information review
  4. Preparation of on-site assessment
  5. On-site assessment
  6. Post-processing/report generation


Audit focus, industries and KRITIS sectors:

ISO 27001, B3S, KRITIS, IT-SiKat, TISAX®, VAIT, VDA ISA, §8a BSIG, KritisV, ISO 27002, IT security catalog, ISO 27019, §11 1a EnWG, §11 1b EnWG

Do you have questions regarding the CYBER SECURITY CHECK?

Sometimes a direct conversation is simply unbeatable. Please do not hesitate to arrange a free conversation via our telephone calendar!

 
