IT Security Management
Cyber-attacks pose an increasingly serious risk to all companies that rely on digital systems.
To counter these threats, legislators in Europe have agreed on various initiatives that will have a massive impact on the urgency of implementing security measures.
Direct intervention options for the regulatory authorities and the sanctioning of management are a novelty that poses significant risk, even personal risk, for C-level executives.
- NIS-2 Network and Information Security Directive (EU)
- CRA Cyber Resilience Act
- CER Critical Entities Resilience Directive (cf. KRITIS)
The challenges that companies face with these laws consist not only in taking targeted measures to increase security, but also in the continuous operation of these measures – a fact that is often ignored.
This is because solving and managing security problems also requires tasks outside of IT, within business units. The classic approach of setting up a SOC (Security Operations Center) is far from sufficient because it is the specialist departments that are increasingly forced to either accept the threats that arise or have them eliminated by IT (sometimes with complex ticket management systems).
impetus supports you in the practical measures that are required after the implementation of an Information Security Management System (ISMS) or when using IT security solutions (vulnerability scanners, event monitoring tools, SOC, incidents, etc.). We offer consulting as well as support in the analysis and automation of security management processes such as vulnerability management, event management or incident management.
We support you with IT security process tasks:
- Analysis, consulting, and implementation of security management processes
- Simple enforcement of IT security compliance guidelines
- Support for downstream SOC processes
- Control of change management processes
- Automation of remediation & exception management processes
- Implementation of recertification processes