Part 1 — Reconcile rapid digital transformation with security and compliance

Understand your assets that need protection

Information security cannot begin until you have a clear understanding of what is security-relevant or worth protecting. But how exactly do you develop this understanding? In short and simple terms:

Understand your business processes and the data processed or generated in these processes.

In particular, the relevance of the data to various legal aspects, including but not limited to the General Data Protection Regulation, is of importance. Our consultants provide broad and deep expertise in globally recognized standards, such as ISO27001, NIST, SOC 2 that will help you with this analysis. But why is this so-called structural analysis necessary?

The structural analysis creates transparency and provides you with the basis for increasing automation as part of your efforts in maintaining a high level in information security.

Complex relationships between assets, sometimes previously unknown to your organization, are thus identified and documented. A database serves as the basis for displaying exactly these complex relationships. We have the necessary experience in the construction of a complete, accurate mapping of the asset network as part of the aforementioned database, the so-called configuration management database (CMDB).

A configuration management database (CMDB) is used by an organization to store information about hardware and software assets, often referred to as configuration items (CI). It is useful to break down CIs into logical layers. This database acts as a data warehouse for the organization by storing information regarding the relationships among its assets. The CMDB provides a means of understanding the organization’s critical assets and their relationships, such as IT systems and dependencies of CIs.

The latest digital technologies are used for CMDBs so that maintenance-intensive and non-automated spreadsheet-based solutions (e.g., Excel) become fully obsolete.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
SRC - Security, Risk, Compliance

SRC - Security, Risk, Compliance

Beratung, um Security, Risk und Compliance bei Ihnen als Enabler für das Business zu etablieren.