The blu Experience

Menu
Menu

EN Security Compliance

Menu

Security Compliance

We take care of your security

Request now

1. Asses risks

Inventory of IT assets and information
Protection requirements
and risk analysis
IT risk management

2. Realize

Cyber scoring
Penetration test
Awareness training
Vulnerability management

5. Restore

Attack Path Analysis
Digital Forensic
Contingency planning and testing

3. Prevent and monitor

Anomalies and events
Continuous Security Monitoring
Detection Processes

4. Improve

Maturity audit
IT audit
Improve the internal control system

Inventarisierung der IT-Assets und Informationen
Schutzbedarfs- und Risikoanalyse
IT-Risikomanagement

Inventory of IT assets and information
Protection requirements and risk analysis
IT risk management

Cyber scoring
Penetration test
Awareness training
Vulnerability management

Anomalies and events
Continuous Security Monitoring
Detection Processes

Maturity audit
IT audit
Improve the internal control system

Attack Path Analysis
Digital Forensic
Contingency planning and testing

ISMS IMPLEMENTATION AND AUDIT

Our service for implementing an information security management system (ISMS) by ISO 27001 helps companies effectively protect their sensitive data and information and minimize security-related risks. We aim to provide you with a customized ISMS according to ISO 27001 that meets your specific requirements. With our service, you can strengthen information security in your company, gain the trust of your customers, and effectively manage potential risks. Contact us to find out more about our services to implement an ISO 27001 ISMS and protect your information.

OUR PROCEDURE

We conduct a comprehensive analysis of your company processes, infrastructure, and security standards to determine the current state.
Together with you, we define the scope of the ISMS. We determine which business units, locations, and processes, and derived from these, resources, IT systems, infrastructure and service providers are subject to certification.
Based on the identified risks, we develop an individual treatment plan. We assess the risks in terms of their probability and potential impact and derive targeted measures to minimize the risk.
We support you in defining an information security policy that reflects your corporate values and objectives. Together, we set clear goals for your ISMS that are both measurable and realistic.
We help you create the necessary documentation to meet the requirements of ISO 27001, including guidelines, procedural instructions, and security measures. Afterward, we support you in implementing these measures in your organization.
We offer training and awareness-raising measures so that your employees understand the importance of information security and can actively contribute to the success of the ISMS. For more information, please click here.
An ISMS requires continuous monitoring, evaluation, and improvement. We support you in introducing a monitoring and assessment system to measure the effectiveness of your ISMS and identify vulnerabilities. On this basis, we develop measures for continuous improvement and support you as an external ISB or CISO.
If you are aiming for ISO 27001 certification, we support you throughout the entire certification process. We support you in preparing for the audit and help you implement the necessary adjustments to successfully pass the certification.

IMPLEMENTING ISMS ACCORDING TO KRITIS

KRITIS implementation aims to ensure the security and stability of critical infrastructure. This involves identifying potential threats, preventing them, and responding appropriately. The KRITIS implementation aims to strengthen the resilience and resistance of critical infrastructures to cyberattacks, disruptions, or other security incidents.

The legal basis for KRITIS in Germany is the IT Security Act (IT-SiG) and the Regulation on the Determination of Critical Infrastructures according to the BSI Act (BSI-KritisV). According to the IT Security Act, operators of critical infrastructures are obliged to take appropriate precautions to ensure IT security. The BSI-KritisV specifies these requirements and defines the sectors in which operators are considered critical infrastructure.

Companies that are active in one of the sectors listed above and reach a certain critical infrastructure threshold are classified as critical infrastructure operators. They must meet the requirements of CRITIS to ensure the security of their infrastructure and minimize the potential impact of cyberattacks or disruptions. It is important to note that the exact thresholds and requirements may vary depending on the sector and size of the company.

If you have already implemented an information security management system (ISMS)

  • We review the current status of your ISMS and ensure that it meets the latest requirements and takes into account relevant best practices.
  • We identify the specific KRITIS requirements by analyzing the BSI-KritisV and comparing them with the existing ISMS elements.
  • We extend the ISMS by adding KRITIS-specific requirements. We create additional policies, procedures, and controls to ensure the protection of our critical infrastructure.
  • We review the risk analysis and assessment to ensure that it covers the specific risks and threats to critical infrastructure. Here, we consider the potential impact on society and establish processes for identifying and reporting security incidents.
  • We implement protective measures for your critical infrastructure by developing specific measures to ensure its security and resilience. This includes implementing additional technical security measures, strengthening physical security, and implementing access controls.
  • We provide training and raise awareness for your team by ensuring that your employees are informed about the specific KRITIS requirements and have received the necessary training. We raise their awareness of the specific risks and threats that critical infrastructure may be exposed to.
  • We regularly review the implementation of KRITIS measures by conducting internal audits and identifying and eliminating vulnerabilities or gaps to continuously improve the security of your critical infrastructure.
  • We establish a clear process for reporting security incidents according to KRITIS requirements. We ensure that your company can respond appropriately to incidents or attacks and that close cooperation with the relevant authorities is guaranteed.

Contact person

Torsten Enk

WordPress Cookie Notice by Real Cookie Banner
× Bewirb dich jetzt!