IT Security Management

Cyber-attacks are posing are posing a more and more serious risk to all companies that leverage digital systems.

To counter these threats legislators in Europe have agreed on various initiatives that will have a massive impact on the urgency of implementing security measures.

Direct intervention options of the regulatory authorities and the sanctioning of management are a novelty that pose significant risk, even personal, for C-level executives.

  • NIS-2 Network and Information Security Directive (EU)
  • CRA Cyber Resilience Act
  • ER Critical Entities Resilience Directive (vgl. KRITIS)

The challenges that companies face with these laws consist not only in taking targeted measures to increase security, but also in the continuous operation of these measures – a fact that is often ignored.

This is because solving and managing security problems also requires tasks outside of IT, within business units. The classic approach of setting up a SOC (Security Operations Center) is far from sufficient because it is the specialist departments that are increasingly forced to either accept the threats that arise or have them eliminated by IT (sometimes with complex ticket management systems).

impetus supports you in the practical measures that are required after the implementation of an Information Security Management System (ISMS) or when using IT security solutions (vulnerability scanners, event monitoring tools, SOC, incidents, etc.). We offer consulting as well as support in the analysis and automation of security management processes such as vulnerability management, event management or incident management.

We support you with IT security process tasks:

  • Analysis, consulting, and implementation of security management processes
  • Simple enforcement of IT security compliance guidelines
  • Support for downstream SOC processes
  • Control of change management processes
  • Automation of remediation & exception management processes
  • Implementation of recertification processes

IT Security Management Consultation

Our know-how

We have been advising large and medium-sized companies on security management for over 10 years and supporting them in complying with regulatory requirements in the financial services sector.

With our many years of experience and our know-how based on BSI basic protection, ISO 27001 and the NIST Cyber Security Framework, we integrate business processes from the specialist departments with the various IT systems into smooth process flows.

We support you in improving your security measures regarding NIS-2, CRA and CER. Transparency helps you to identify security gaps and optimization potential and to reduce costs in the long run.

Effective security management begins with the support of the management and is usually implemented through a so-called information security management system. In this case, two motivational drivers are of crucial importance:

  • The entrepreneurial will to actively counteract real cyber threats and protect the company.
  • Compliance with legal or regulatory requirements for companies.

Our solution: Amber Logic – IT Security Management Engine

What exactly is Amber Logic?

Amber Logic provides an integrated, entity-based workflow engine that enables collaboration between departments and the automation of IT security processes. Amber Logic enables the aggregation and intelligent processing of tasks through the use of rule systems, which can greatly reduce the workload and thus the costs in the company.

The following modules are currently available in Amber Logic:

  • Security Issue Management
  • Remediation & Exception Management
  • Certification Management
  • Software Release Management
  • Change Management
  • Master Data Management

Our tasks:

  • Management of monitoring systems.
  • Configuration of the systems to be monitored, the test repository and the monitoring data itself.
  • Observation and alerting in the event of a breach of policies (rules) and/or in configuration management.
  • Supporting the IT admin in the qualification of monitoring events.
  • Creation of reports and documentation.
  • In addition to supporting you in setting up, operating and organizing your IT security requirements, we also provide already defined solution approaches for companies.

We are looking forward to hearing from you.