
Security and Risk Management

Integral and continuous process

 

Governance, Risk & Compliance (GRC)

Cyber security must not be patchwork; it requires the framework of integral security management, from the security concept through compliance with regulations to the estimation of residual risks.

PDCA Concept

The BSI-Standard 100-1 for Information Security Management Systems (ISMS) as per ISO 27001 recommends the well-proven PDCA concept (Plan, Do, Check, Act) for all IT security processes.

3 Pillars of Security

  • Technical measures
  • Physical measures
  • Organisational measures

"Plan" and "Do"

Plan and implement the use of our innovative INSYS routers with effective security features such as manipulation protection.

"Check"

Check, for example, the following using the INSYS routers:

  • unauthorised access attempts at the web interface
  • each change of configuration
  • connecting and disconnecting a device at the Ethernet switch (link up, link down) 
  • the receipt of IP packets from an unknown device (stateful firewall)

 
"Act" 

Benefit from the "duress alarm" and act, since our routers inform you immediately; a later evaluation of the log file might literally be too late.

Policies & Procedures

Only the interaction of technical, physical and organisational measures, together with their regular check and update, provides maximum security; raising the awareness of the employees is only one of many factors of success. This is based on clear guidelines and processes.

INSYS icom routers support the processes recommended by the BSI. Moreover, they meet the concepts of the BDEW White Paper and are based on the Associated Execution Notes.

 

Technical measures

The router products of INSYS icom provide comprehensive security features for the protection against accidental and targeted cyber attacks – read more about

 

  • A as in authentication to

  • Z as in Zugriff (access) to the web interface, which can be disabled

 

Physical measures

These measures ensure that only authorised persons have physical access; they are of a "constructional nature", such as:

  • Lockable distribution cabinets

  • Access limitations for critical rooms/areas

  • Access logging

  • Video monitoring

  • Tamper protection for security-critical components

  • Protection against theft

  • Protection against third-party influence

  • Protection against illegal use of removable media

  • Removable media locking

 

Organisational measures

Organisational regulations complement the technical and physical measures effectively for protection against human misbehaviour and sabotage.

  • Raising the awareness of employees

  • Four-eyes principle

  • Function separation

  • Guidelines for contracts and acceptance protocols

  • Dedicated rights and non-privileged user accounts

  • Personalised passwords

  • Whitelisting of approved removable media

  • Personalised and encrypted removable media

  • Maintenance notebooks of third-party companies remain on-site

  • Emergency planning

  • Audits

 

Leading publications

  • BSI analyses: Industrial Control System Security, Top 10 Threats

  • BDEW whitepaper: Requirements for secure control and telecommunication systems
