Information Security Management System (ISMS)
Introduction of an information security management system
Materna supports companies in the introduction of an information security management system (ISMS). An ISMS aims to identify and analyze risks for an organization and make them controllable through appropriate measures. Only a holistic approach brings the decisive advantages:
- Increased security awareness for employees, executives and management
- Securing the goals of confidentiality, integrity and availability
- Contribution to securing business continuity and thus success
- Legal certainty through systematic compliance with the relevant laws on information security and data protection
- Reduction of the liability risk of the responsible executives
- Cost savings by avoiding security incidents
Materna has been working in IT security consulting for more than 20 years and specializes in the following fields.
- ISO 27001 based on BSI basic protection
- ISO 27001
- Risk management
- Emergency Management
- Information Security and ISMS
- Consulting for the introduction of GRC software (partnership with HiScout)
To measure the maturity of cyber security in companies, Materna uses the cyber check based on ISACA.
Awareness training for all employees
As part of awareness training, employees learn the tricks of social engineering fraudsters and are trained to report a potential incident without fear. Materna produces appealing videos and e-learning units that can be viewed directly at the workplace while on the job. Varied games can also be incorporated, which help employees apply the knowledge in a fun way. Regular training sessions and varied campaigns consolidate the knowledge gained from the learning units. The level of difficulty should be adapted to the individual learning curve of each employee. In addition, Materna offers face-to-face training to convey particularly complex learning content in a memorable way.
Prevent with planned phishing campaigns
Materna carries out planned phishing campaigns: A structured test is used to check in real life how well employees can already deal with personalized attacks. Materna's method specifically addresses the individual performance of employees.
Employees are tempted to open supposedly harmless attachments, websites or links, just like in a malicious phishing attack. This happens, for example, with e-mails that appear to come from their own organization or from known service providers. Anyone who falls into the targeted trap lands on an information page. Here, video training, games and other training units are available to choose from. These show very precisely which points should have been noticed. The recipients of the phishing exercises are recorded statistically and personally. This enables organizations to see which employees still need training and what the individual learning curves are.
Security Operations Center (SOC)
Security Operations Center (SOC) by Materna
Materna operates a SOC, a cyber security control center for the protection of IT infrastructure. Here, Materna's cyber security experts provide the following services:
- Proactive monitoring of IT systems and ongoing analyses of the current threat situation
- Detection of cyber security vulnerabilities and their elimination
- Centralized security management for different endpoints
- Execution of the incident response process
- Alerting on detected attacks and threats
- Direct defensive measures to limit the damage of cyber attacks
- Carrying out security assessments
- Technical support for all security-related issues
- Reporting on the work of the Security Information Center and on all security-related systems
The SOC comprises various sensors and systems that generate, collect, analyze and process log files and information flows. At its core is the log management system with the security incident and event management system, which are supported by additional detection and mitigation functionalities.
Identity and Access Management
Manage access rights quickly and securely
To implement access authorizations for your employees securely and efficiently, you need to answer many questions. Identity and Access Management solutions provide decisive impetus here. Materna supports you with consulting, analysis of requirements, design and implementation of a suitable IAM solution. Privileged Access Management (PAM) is a special case of IAM. In this environment, Materna works with its partner Wallix when it comes to securing administrator access, i.e. privileged authorizations.
Web Security (OWASP Top 10)
Web penetration test
Materna offers the Web Penetration Test module especially for web servers. The website is checked for the OWASP Top 10 vulnerabilities. OWASP Top 10 is the developer's guide to secure program development. It represents the top 10 security risks of web applications. The test mimics an attacker and attempts to bypass the website's security measures. As a basis for evaluation, Materna closely follows the German Federal Office for Information Security (BSI). Such a service can be offered in enterprise service management as a fully digitalized process. Web developers and employees in web projects then simply "book" a vulnerability scan or web penetration test for their servers and applications.
Cyber Security Check
Assess the maturity level of information security
As an information security officer (ISO), data protection officer (DPO) or IT manager, would you like to take a closer look at your organization's security level? We have developed the Cyber Security Check for this purpose.
Materna provides an assessment report that includes the following:
- Framework data, including a description of the examined organization and its IT
- Management summary, including an assessment of the threat situation (cyber security exposure)
- Detailed assessment (detailed presentation of the identified deficiencies, their evaluation and recommendations to remedy the deficiencies)
Security-oriented digitization strategy for hospitals
Materna offers coordinated security modules in the area of digital hospital processes for the design and implementation of a security-oriented digitization strategy. The security modules are an answer to the question of how the implementation of a creative, digital process design in the area of logistical and administrative processes as well as integrated treatment and care services can be consistently combined with an accompanying security design. Materna removes the usual separation of competencies between function and security with its own strategy and method approach for cyber security engineering. The design of the security modules is based on a systematic approach to digitally expand the integrated administration and supply processes holistically in a hospital.
Each functional transformation step is linked to the "structured security analysis" building block, because legal and regulatory requirements continuously transform the technical discourse into a security-oriented approach.
Security-relevant process goals, such as the accountability of decisions made by service providers, the integrity of treatment protocols, the auditability of the treatment process, and also the availability of critical equipment and systems, demand a qualified, structured methodology for the security requirements that have been set.
Already at this point the building block "security architecture - security development" is effective. Design decisions are required and lead to a security architecture aligned with the security objectives.
Materna pursues an asset-oriented security strategy. Digital information, e.g. service offers from different departments or findings from patients, transforms into economic, social and data protection values. The complex process of their distribution and processing is subject to strict regulations and is covered by the "legally compliant data distribution" module.
The "hospital application protection" module supports a holistic security requirement for confidentiality, bindingness and authenticity in external and internal digital information exchange. With the "more secure operation - managed security" module, Materna provides both operational tools and experience and methods for designing operational security management.