Cyber security for companies
Detect and resolve unauthorized access and errors in your IT system before they occur
Cyber Security for Business
Are you up to speed with your challenges?
Cyber security, according to the NIST Framework, is divided into five “core functions” that are subdivided into a total of 23 “categories.” For each category, it defines a set of subcategories of cybersecurity outcomes and security controls, with a total of 108 subcategories.
Here is a rough summary of the functions and categories:
Identification – “Develop organizational understanding to manage cybersecurity risks to systems, assets, data, and capabilities.”
Asset Management
The data, people, equipment, systems, and facilities that enable the organization to achieve its business objectives are identified and managed according to their relative importance to the organization’s business objectives and risk strategy.
Business Environment
The organization’s mission, goals, stakeholders, and activities are understood and prioritized; this information is used to make cybersecurity roles, responsibilities, and risk management decisions.
Governance
The policies, procedures, and processes for managing and monitoring the organization’s regulatory, legal, risk, environmental, and operational requirements are known and incorporated into cybersecurity risk management.
Risk Assessment
The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and people.
Risk Management
The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.
Supply chain risk management
The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support risk decisions related to supply chain risk management. The organization has processes in place to identify, assess, and manage supply chain risks.
How can companies increase IT security?
Do you know all the threats to your system?
Protect
“Develop and implement appropriate protection measures to ensure the delivery of critical infrastructure services.”
Access Control
Access to assets and related facilities is limited to authorized users, processes or devices, and authorized activities and transactions.
Awareness and Training
The organization’s personnel and partners are provided with cybersecurity awareness and appropriate training to perform their information security-related duties and responsibilities in accordance with relevant policies, procedures, and agreements.
Data Security
Information and records (data) are managed in accordance with the organization’s risk strategy to protect the confidentiality, integrity and availability of information.
Information protection processes and procedures
Security policies (addressing purpose, scope, roles, responsibilities, management commitment, and coordination among organizational units), processes, and procedures are maintained and used to manage the protection of information systems and assets.
Maintenance
Maintenance and repairs of industrial control and information system components are performed in accordance with policies and procedures.
Protective technology
Technical security solutions are managed to ensure the security and resilience of systems and assets, in accordance with relevant policies, procedures and agreements.
Detect
“Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.”

Anomalies and events
Anomalous activity is detected in a timely manner and the potential impact of events is understood.
Continuous safety monitoring
The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.
Detection processes
Detection processes and procedures are maintained and tested to ensure timely and appropriate detection of anomalous events.
Respond
Develop and implement the appropriate activities to take action related to a detected cybersecurity incident.

Response Planning
Response processes and procedures are executed and maintained to ensure timely response to detected cybersecurity incidents.

Communication
Response activities are coordinated with internal and external stakeholders to include external law enforcement support.

Analysis
Analysis is conducted to ensure appropriate response and support recovery activities.

Mitigation
Activities are conducted to prevent the spread of an event, mitigate its impact, and remediate the incident.

Improvements
Organizational response activities are improved by incorporating lessons learned from current and previous detection/response activities.
Recovery
Develop and implement the appropriate activities to maintain resiliency plans and recover any capabilities or services impacted by a cybersecurity incident.
Recovery Planning
Recovery processes and procedures are executed and maintained to ensure timely recovery of systems or assets impacted by cybersecurity events.
Improvements
Recovery planning and processes are improved by incorporating lessons learned into future activities.
Communication
Recovery activities are coordinated with internal and external parties, such as coordination centers, Internet service providers, owners of systems under attack, victims, other CSIRTs, and vendors.
With our CuriX Health Check you ensure more IT security in your company
The CuriX® Health Check reveals possible security gaps in your IT system in just 5 steps. You get a detailed insight into the strengths and weaknesses as well as the current security level of your company’s IT systems.

Based on a standardized questionnaire, we jointly develop a comprehensive picture of the state of your ICT system.
We then analyze your IT system for potential risks and vulnerabilities that could lead to a cyber attack.
Together with you, we develop a catalog of measures and a plan of action to make your ICT system fit for the future.
Working bottom-up, we present the results and the derived measures at management level.
Organizationally and technically, we support you in operating your ICT system reliably and sustainably.
Secure yourself and your IT system now against hackers, failures and critical errors. We analyze your infrastructure and all related components in detail and convey everything you need to know in an understandable presentation.