IT-Security Management

ADWEKO supports financial service providers in the IT security management of their system landscape.

    Every IT system landscape is subject to various risks, which increase with the growing importance of IT. In addition to internal risks, such as operating errors or misuse, the importance of external risks, such as hacker attacks, is growing. In order to take account of these growing risks, the regulator continues to develop the supervisory requirements and regularly redefines the supervisory focus areas.

    Supervisory security management focuses on the protection of information that is processed by or with IT. This information is to be evaluated with regard to its protection requirement for each of the protection goals “confidentiality”, “integrity”, “availability” and “authenticity”. Depending on the protection goal, corresponding target measures for protecting this information are to be implemented for the processing IT assets (applications, processes).

    Development of a central Identity & Access Management

    Implementation of a central authorization management tool with automatic processes for granting and withdrawing authorizations, SoD management and recertification.

    Management of individual data processing

    Definition of a life cycle for individual data processing (IDV) with processes for identification, determination of protection requirements, development and replacement. Introduction of an IDV management system to ensure the completeness of the IDV inventory.

    Structure of the information network

    Establishment of a complete and always up-to-date information network as an overview of the IT assets (information, processes, applications, infrastructure, buildings, service providers) and for determining protection requirements.

    DIGITAL OPERATIONAL RESILIENCE

    FUTURE-PROOF IN THE DIGITAL WORLD

    Within IT security management, there are numerous interactions between the individual disciplines, which is why we always take a holistic view of IT security management in our projects. Topics such as the management of administrators as part of the authorization management and their monitoring within the operational information security management with the help of the SIEM can hardly be separated from each other.

    Setting up a comprehensive information security management system and monitoring its implementation and compliance as part of an internal control system that covers both 1st and 2nd line is an essential step towards sustainable IT security.

    The information network is an essential building block in information security management: the various IT assets and their interfaces and dependencies are documented here in order to determine the protection requirements of the IT assets. In addition to the classic consideration of the processed information objects for the protection objectives of confidentiality, integrity and authenticity and the supported processes for determining the availability requirements, cumulative risks and technical dependencies should also be taken into account when determining the protection requirements.

    Depending on the protection requirements of the IT assets, target measures of different strengths should be defined on a risk basis and ideally described in a comprehensive catalogue of target measures.

    OUTSOURCING MANAGEMENT

    Outsourcing management has the task of ensuring that the regulated institution has full responsibility for outsourced activities at all times. It must be informed about the outsourced activity as if it were performed within the institution itself. To ensure this, outsourcing management must be included in the purchasing process as early as possible. This means that every external purchase can be examined for its regulatory relevance. In addition, this enables appropriate management of the service provider relationship and the resulting risks, as well as a regular review of both.

    The more significant the identified risks – and therefore the outsourcing – are, the stricter the supervisory requirements that need to be met. This applies not only to the contract with the service provider, but also to the operationalization of the relationship. For example, regular reports on the service provider’s performance must be obtained, reviewed and the results reported to management and, if necessary, to the supervisor.

    Outsourcing management has close links to emergency management, information security and data protection. Cross-cutting issues also exist with the operational requirements of BAIT, VAIT, ZAIT and KAIT.

    MORE ABOUT ITSM?

    IT-Security Regulatory Update | May 2024 | 07.06.2024

    IT Security Regulatory Update | April 2024 | 14.05.24

    IT Security Regulatory Update | March 2024 | 08.04.24

    IT Security Regulatory Update | February 2024 | 06.03.24

    IT Security Regulatory Update | January 2024 | 06.02.24

    VEREINIGTE HAGEL X ADWEKO IAM Management | 30.01.24

    IT Security Regulatory Update | December 2023

    Use case: Increasing awareness in information security through IPA

    IT Security Regulatory Update | November 2023

    Information risk management – an overview

    IT Security Regulatory Update | September 2023

    Information security trends and threats

    DORA – or what remains of the BAIT? | IT Regulatory Conference

    Free webinar October 17, 11 a.m. “DORA – Much ado about nothing?”

    IT Security Regulatory Update | July 2023

    Digital Operational Resilience | Status of Delegated Acts

    ESG – Preparation supervision meeting – part 3

    ESG – Preparation supervision meeting – part 2

    IT Security Regulatory Update | April 2023

    IT Security Regulatory Update | March 2023

    IT Security Regulatory Update | February 2023

    IT security management since 2023 at ADWEKO own business unit

    IT-Security Regulatory Update | January 2023

    IT-Security Regulatory Update | December 2022

    IT-Security Regulatory Update | November 2022

    IT-Security Regulatory Update | October 2022

    IT-Security Regulatory Update | September 2022

    ADWEKO at the 16th Annual Forum on Overall Bank Management (IMH)

    IT-Security Regulatory Update | August 2022

    IT-Security Regulatory Update | July 2022

    IT-Security Regulatory Update | June 2022

    The new IT Security Newsletter with matrix technology & FSP

    IT-Security Regulatory Update | May 2022

    IT-Security Regulatory Update | April 2022

    ADWEKO becomes 360° provider for compliance issues with X1F

    VAIT amendment published

    IT-Security Regulatory Update | February 2022

    IT-Security Regulatory Update | January 2022

    Corona, IT security and home office – new arguments for the cloud?

    As ADWEKO we know the pitfalls in IT security management and we know how to design and implement measures on a project basis and how to continue them down the line afterwards.

    Talk to JULIAN PHILIPPI!
