"IT security management in companies" as the topic of the 4th IMS breakfast at the Zittau/Görlitz University of Applied Sciences.
A careless click of the mouse activates encryption software that, within an hour, encrypts over 10,000 files on the user's own computer and on the connected network drives, as well as the entire accounting and bookkeeping system. Annette Scheibe, Managing Director of Trixi-Park GmbH, and Andreas Gerlach, freelance system administrator at Trixi-Park and other regional companies, explained very clearly how this hacker attack on their company took place, what effects it had and how sensitized employees can avoid such situations. Thanks to the quick reaction of the employees and the system administrator of Trixi-Park, the work stoppage was limited to 8 hours, until the functionality of the IT system and the lost data were restored from backup copies. According to statistical studies, such a hacker attack does not always go so smoothly; on average it leads to a financial loss of 80,000 euros per attack in small and medium-sized companies.
"IT security management in companies" was the topic of the 4th IMS breakfast hosted by the Chair of Integrated Management Systems together with the TÜV Rheinland Academy at Zittau/Görlitz University of Applied Sciences. Over 20 company representatives and students from the Integrated Management Systems, Integrated Management and Computer Science Master's degree courses came together on March 18, 2016. Prof. Marietta Spangenberg from the Faculty of Electrical Engineering/Computer Science and her students provided the technical support for the IMS breakfast.
Constant accessibility through new media and social networks, presence on the Internet, trends such as Industry 4.0 or SmartHome: in her presentation, Ms. Spangenberg explained where IT security vulnerabilities can exist in companies and how companies can protect themselves against them through systematic IT security management. Standards for this are available at both international and national level through the ISO 27000 series, the BSI's IT-Grundschutz (IT baseline protection) or ISIS12. The discussion showed that the regional companies are aware of the challenges in IT security management, but that there is still a great need for action. None of the companies present are yet certified in IT security management. This will change by 2018 at the latest, because by then companies of certain sizes in so-called critical infrastructures such as energy, information technology and telecommunications, transport and traffic, health, water, food, finance and insurance will be obliged by the IT Security Act passed in 2015 to demonstrate certain minimum standards in IT security management through a certified IT security management system. Once this has been done, it will only be a matter of time before these companies pass on the certification pressure along their value chain. At any rate, this has been observed in the area of quality and environmental management systems.
Sensitized employees are crucial for a functioning IT security management system. Students on the Master's degree course in Computer Science used Pecha Kucha, a presentation technique originating from Japan, to present their proposal for awareness training for employees, which they developed as part of their course with Prof. Spangenberg. Pecha Kucha means: 20 slides of 20 seconds each, no text, but pictures on the slides. A concise and entertaining form of presentation that is highly recommended for imitation!
The next IMS breakfast will take place in June on the topic of "Considering psychological hazards in risk assessments".