INFODAS GmbH can provide tailor-made measures in the field of communication, awareness and training. Targeted measures for raising security awareness based around a communication concept have been conceived and implemented. An example worth mentioning here is a training workshop that enables participants to understand and support the information security management process and to act as multipliers to promote it in the company. By way of example, the following topics are communicated during the workshop:
- As part of a general motivation session on the subject of information security, current incidents and trends are illustrated and the most important threat types explained: computer viruses, Trojans, worms, spam, botnets, exploitation of security vulnerabilities, hidden data, phishing, spoofing, social engineering, and common weaknesses of web applications such as SQL injection, cross-site scripting, website defacement and frame spoofing.
- Existing threats, how they are structured, and how their potential impact is analysed.
- General objectives of information security management (confidentiality, integrity, availability) and how they are expressed as protection requirements. The basis on which the protection requirement and other requirements are assessed. In particular, it is shown how the availability protection requirement translates into a maximum tolerable downtime.
- Overview of standards and methods in the information security sector. Starting from the IT security manual, through the IT-Grundschutz Catalogues up to the BSI standards and certification under ISO 27001 on the basis of IT-Grundschutz.
- Methodology in accordance with IT-Grundschutz, with the steps of structure analysis, determination of the protection requirements, modelling in accordance with IT-Grundschutz, basic security check, supplementary security analysis and risk analysis.
- Evaluation and management of risks, and the integration of information security management, including information security risks, into the company's overarching risk management.
- Selection of IT security safeguards: how their appropriateness can be ensured, and the general requirements placed on safeguards.
- Depiction of the process for certification in accordance with ISO 27001 on the basis of IT-Grundschutz.