IT Security Management

ADWEKO supports you in achieving a sustainable level of information security to comply with legal requirements such as MaRisk or BAIT

Challenges and requirements for IT security management

Due to the increasing networking of information technologies to support business processes as well as the constantly rising requirements of the regulator (e.g. BAIT, BDSG, DSGVO, KRITIS), IT and information security is becoming increasingly important. After many isolated applications have been built, especially in the course of the past regulatory wave (e.g. in accounting, reporting and risk areas), companies are faced with the challenge of harmonising them under an ISMS infrastructure and the corresponding processes. A flexible information security management system (ISMS) based on the ISO standards 27001/5, for example, can be an essential success factor for further growth as a company while maintaining the required security level.

ADWEKO supports you in developing a company-wide IT security management system based on the ISMS and in implementing it with the help of tools. Whether authorisation management, IT asset inventory, individual data processing (IDV) or organisational structure, we are at your side with advice and support.

Identity Access Management

Identity Access Management (IAM) describes overall solutions that provide users with access to IT resources that they need within the scope of their tasks.

Internal and external regulatory requirements (Governance & Compliance) demand that this access comprises no more than is really necessary (least privilege, need to know or minimum principle). In addition, special risks, e.g. from critical functions and aspects of segregation of duties (SoD), are to be addressed when awarding contracts.

Segregation of Duties

The separation of business and IT functions at user and authorisation level serves primarily to prevent fraudulent activities by users. It also reduces conflicts of interest and the risk of process errors.

ADWEKO follows a proven method to achieve SoD compliance that meets the regulatory requirements and provides support in setting up a SoD framework, establishing SoD rules and their implementation in suitable authorisation management software.

Privileged Access Management

Privileged Access Management (PAM) is the management of accounts with increased access rights (e.g. administrator rights) or privileged access to systems or resources. In addition to the classic IAM for business users, this topic area is primarily dedicated to the special protection requirements of privileged roles and rights in the IT sector.

ADWEKO supports the establishment of a PAM solution that manages all privileged accounts including the associated controls (e.g. password rotation or session monitoring). The starting point for this is a target/actual analysis of the PAM environment.

ITSM-compliant organisational structure

ADWEKO supports the establishment of an explicitly decentralised organisational model. The review of strategy and governance is seen as a regular task of the organisation, and roles, responsibilities and competences also have to be defined. The separation of tasks is carried out according to the three-lines-of-defence model.

IT Asset Inventory

In addition to the traceable documentation of applications and processes, an IT asset inventory serves in particular to protect application data.

We support the introduction of an IT asset inventory, in which regulatory requirements must be taken into account. Efficient processes, which run periodically, ensure continuous updating and the permanent safeguarding of data protection, as well as guaranteeing reliable and constant data quality in the IT asset inventory.

Individual Data Processing

According to ISO, it must be ensured that applications for individual data processing (IDV) take into account the protection requirements of the processed data. Therefore, IDVs must be identified, classified and inventoried.

ADWEKO provides support in securing IDVs that comply with requirements and serve as input for important corporate decisions. This includes the establishment of software-supported tools for the categorisation and handling of IDVs, the implementation of suitable control measures (automatic and manual checks) and the introduction of company-wide IDV standards and guidelines.

ITSM Services – Awareness Campaign

A large proportion of IT security incidents are facilitated or caused by risky human behaviour. In the implementation of the ADWEKO security awareness campaign, we focus on making the "human" risk factor transparent and at the same time sensitising people to their own behaviour. It is a package of measures that includes a phishing simulation in addition to classic training content.

A security awareness campaign also provides a better view of which internal processes and measures need to be improved or introduced in order to be prepared for the growing threat of cyber attacks and to raise the organisation to a higher security level.

Our Expertise

  • Project management

    Extensive experience in managing complex ITSM projects

  • Technical implementation

    Comprehensive knowledge of regulatory requirements and standards

  • Expertise

    Our consultants have many years of project experience and certifications in the field of ITSM

References

IT Security Management

ADWEKO supports a Landesbausparkasse in the field of reporting with the use of IT applications in accordance with IT security management

Mario Sonneborn