IT security reviews, clean risk analyses, and target-oriented data and IT security concepts and measures based on these have significantly reduced the threat of cyberattacks and ensured compliance with the relevant data protection requirements.
Problem
- In light of the increasing number of headlines about various security incidents, the company’s management team wants to ensure the best possible protection against cyberattacks, as well as compliance with the relevant data protection guidelines and GDPR requirements.
- For the internal IT organization, it’s a good idea to bring in external expertise and specialized know-how to cover data and IT security issues, in particular from the perspective of an external attack.
Contribution of ResultONE
- Performance of security assessments and penetration tests (together with partners)
- Performance of security analyses, audits, and risk/threat analyses; review of technical, organizational, legal, and data protection aspects and of compliance with GDPR requirements; drafting of reports relevant to the respective target group
- Elaboration of security concepts and proposal of technical and organizational measures to be taken, including priorities and timing (e.g. technical configurations, adjustments to websites and processes, infrastructural and organizational measures, appointment of a Data Protection Officer (DPO), conclusion of company agreements, instructions for employees, holding of training courses)
- Performance of follow-up assessments, both periodically and as needed, e.g. after maintenance, changes to systems or configurations, installation of new versions, or replacement of components
Outcome
- Legal measures are taking effect, attempted attacks have been thwarted, and no security incidents have occurred to date
- The various data protection and GDPR requirements are complied with