Cyber security for companies

Detect and resolve unauthorized access and errors in your IT system before they occur

Cyber Security for Business

Are you up to speed with your challenges?

According to the NIST Framework, cyber security is divided into five “core functions,” which are subdivided into a total of 23 “categories.” For each category, the framework defines a set of subcategories of cybersecurity outcomes and security controls, 108 subcategories in total.

Here is a rough summary of the functions and categories:
Identification – “Develop organizational understanding to manage cybersecurity risks to systems, assets, data, and capabilities.”

Asset Management

The data, people, equipment, systems, and facilities that enable the organization to achieve its business objectives are identified and managed according to their relative importance to the organization’s business objectives and risk strategy.

Business Environment

The organization’s mission, goals, stakeholders, and activities are understood and prioritized; this information is used to make cybersecurity roles, responsibilities, and risk management decisions.

Governance

The policies, procedures, and processes for managing and monitoring the organization’s regulatory, legal, risk, environmental, and operational requirements are known and incorporated into cybersecurity risk management.

Risk Assessment

The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and people.

Risk Management

The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.

Supply chain risk management

The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support risk decisions related to supply chain risk management. The organization has processes in place to identify, assess, and manage supply chain risks.

How can companies increase IT security?

Do you know all the threats to your system?

Protect – “Develop and implement appropriate protection measures to ensure the delivery of critical infrastructure services.”

Access Control

Access to assets and related facilities is limited to authorized users, processes or devices, and authorized activities and transactions.

Awareness and Training

The organization’s personnel and partners are provided with cybersecurity awareness and appropriate training to perform their information security-related duties and responsibilities in accordance with relevant policies, procedures, and agreements.

Data Security

Information and records (data) are managed in accordance with the organization’s risk strategy to protect the confidentiality, integrity and availability of information.

Information protection processes and procedures

Security policies (addressing purpose, scope, roles, responsibilities, management commitment, and coordination among organizational units), processes, and procedures are maintained and used to manage the protection of information systems and assets.

Maintenance

Maintenance and repairs of industrial control and information system components are performed in accordance with policies and procedures.

Protective technology

Technical security solutions are managed to ensure the security and resilience of systems and assets, in accordance with relevant policies, procedures and agreements.

Detect

“Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.”

Anomalies and events

Anomalous activity is detected in a timely manner and the potential impact of events is understood.

Continuous security monitoring

The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.

Detection processes

Detection processes and procedures are maintained and tested to ensure timely and appropriate detection of anomalous events.

Respond

Develop and implement the appropriate activities to take action related to a detected cybersecurity incident.

Response Planning

Response processes and procedures are executed and maintained to ensure timely response to detected cybersecurity incidents.

Communication

Response activities are coordinated with internal and external stakeholders to include external law enforcement support.

Analysis

Analysis is conducted to ensure appropriate response and support recovery activities.

Mitigation

Activities are conducted to prevent the spread of an event, mitigate its impact, and remediate the incident.

Improvements

Organizational response activities are improved by incorporating lessons learned from current and previous detection/response activities.

Recovery

Develop and implement the appropriate activities to maintain resiliency plans and recover any capabilities or services impacted by a cybersecurity incident.

Recovery Planning

Recovery processes and procedures are executed and maintained to ensure timely recovery of systems or assets impacted by cybersecurity events.

Improvements

Recovery planning and processes are improved by incorporating lessons learned into future activities.

Communication

Recovery activities are coordinated with internal and external parties, such as coordination centers, Internet service providers, owners of systems under attack, victims, other CSIRTs, and vendors.

With our CuriX Health Check, you ensure more IT security in your company

The CuriX® Health Check reveals possible security gaps in your IT system in just 5 steps. You get a detailed insight into the strengths and weaknesses as well as the current security level of your company’s IT systems.

1. INTERVIEWS & RISK ASSESSMENTS

Based on a standardized questionnaire, we jointly develop a comprehensive picture of the state of your ICT system.

2. CYBERSECURITY & OPERATIONAL RISK IDENTIFICATION

We then analyze your IT system for potential risks and vulnerabilities that could lead to a cyber attack.

3. CATALOG OF MEASURES AND ACTION PLAN

Together with you, we develop a catalog of measures and a plan of action to make your ICT system fit for the future.

4. MANAGEMENT PRESENTATION

We present the results and the derived measures bottom-up at management level.

5. PROACTIVE MONITORING

Organizationally and technically, we support you in operating your ICT system reliably and sustainably.

Secure yourself and your IT system now against hackers, failures and critical errors. We analyze your infrastructure and all related components in detail and convey everything you need to know in an understandable presentation.

Analyze your security status