ASSETARIS
ASSETARIS
Improve your Information Security Level!
We will show you how to approach security effectively and to reach and live your security targets.
Our security consulting for companies, contractors, freelancers and public institutions.

Use well established Standards

Small and medium-sized enterprises also benefit from the working methods defined in the ISO 27001 and IT-Grundschutz standards.

We show you what is important

With a certification according to a recognized IT standard, a company can prove beyond any doubt and publicity that it places a high priority on the topic of information security. A certificate is issued by an accredited examination center if the minimum standards required by the standard have been met from the point of view of an independent auditor.

The standards ISO 27001 and especially the ISO 27001 after IT-Grundschutz of the BSI describe meaningful measures, which make a company considerably more robust in dealing with threats of its information security. We recommend all IT managers to take a look at the IT-Grundschutz Compendium of the BSI, because on more than 700 pages you will find concrete measures on many questions of information security.

For small and medium-sized enterprises, full implementation of standards is often difficult to impossible. Also, the documentation requirements and the associated effort often lead to a strong rejection of the standards. As independent consultants, we offer assistance so that the really important measures can nevertheless be implemented. In doing so, we strive to achieve a level of protection that meets your needs and is appropriate for your threat situation.

Large companies regularly conduct audits to find out if the required measures are still being implemented by the organization. We also consider this approach to be useful for small and medium-sized companies. Regular annual inspections of the company and an inspection of specific operational procedures make those responsible responsible and motivate the workforce to strive to strengthen information security.

Site Inspection

An on-site visit, together with an IT officer, provides our experts with the opportunity for a representative survey of the current situation. A large number of questions can be clarified directly with the employees on the following topics:

  • Responsibilities in the company
  • Existing guidelines and mission statements for employees
  • Access to information systems and physical access to server rooms
  • Perimeter protection for premises and dealing with guests and suppliers
  • High fire load in the environment of important infrastructures
  • Backups, their recovery and retention
  • Interfaces to other companies and their processes
  • Procedures and Precautions for Emergency

Our Experts

Holger Schmeken
MSc Business Informatics (Diploma at University of Münster)
IT-Security Auditor (TÜV)

Has more than 20 years of experience in general IT Consulting, Software Development and Business Management. Since 2 years intense dissemination with the topic information security consulting and auditing / revision of ISMS

ISO 27001

Formulates rules for the management level to implement an information security management system:

  • Leadership: Guideline, Roles, Powers and Responsibilities
  • Planning: safety goals, criteria for dealing with risks
  • Support: skills, ressources and documentation
  • Operation: measures and their control, risk assessment and treatment
  • Assessment: Management reports and audits
  • Continuous improvement process

This is substantiated in Annex A with a selection of objectives and measures (good pratice) on the following topics:

  • Organization: Roles, responsibilities, separation of duties, contact with authorities and interest groups, consideration of requirements in project management
  • Mobile devices and teleworking
  • Employee Selection
  • Asset Management
  • Access Control
  • Encryption (cryptography)
  • Physical and environmental security
  • Operational Safety
  • Communication Security
  • Acquisition, development and maintenance
  • Supplier Relationships
  • Handling information security incidents
  • Handling of crises (Business Continuity Management)
  • Compliance with legal and other requirements

ISO 27001 according to IT-Grundschutz

The Federal Office for Information Security (BSI) has thoroughly revised the IT-Grundschutz with the BSI standards 200-1 to 200-3:

  • Conformity with the revised IT-Grundschutz now also ensures compliance with ISO 27001
  • Comprehensive deepening of the necessary measures for conformity in the form of building blocks. This catalog of measures - called IT-Grundschutz-Kompedium - is considerably more extensive than Annex A of ISO 27001
  • Annual completion of the measures to build a completing best practice approach, provided by the BSI for free