Introducing an information security management system

Materna assists organisations which wish to invest in an information security management system (ISMS). The purpose of an ISMS is to identify and analyse IT risks for an organisation, and then to manage these by applying appropriate measures. A multi-pronged approach is crucial to drawing the full benefit, including:

• a keen awareness among all employees, from junior staff to middle and senior management
• assuring the confidentiality, integrity and availability of data
• helping to assure business continuity and thus the success of the organisation
• legal certainty by systematically following the relevant laws on information security and data protection
• reducing the liability risk of individual managers
• cost savings by avoiding security incidents

Materna has been operating as a consultancy for information security for more than 20 years and specializes in the following areas:

• ISO 27001 basic protection based on BSI
• ISO 27001
• TISAX
• ISIS12
• IT risk management
• IT emergency management

Materna will assess the maturity of your organisation’s cyber security with a cyber check based on the ISACA model.

Awareness training for all employees

Our awareness training courses will introduce your employees to the tricks used by social engineering scammers and teach them the importance of reporting potential incidents without fear of repercussions. Videos produced by the Materna media team accompany our e-learning content, which your staff can consume at their workstation and flexibly incorporate into their busy schedules. The course material is backed up with fun games to motivate and encourage users to apply their newly gained knowledge. Regular training and varying campaigns help to reinforce the learning units. A variety of skill levels is available that reflects the needs of every member of staff. Materna also offers face-to-face training courses for the instruction of very complex content.

Boost awareness retention rates with planned phishing campaigns

Materna carries out simulated phishing campaigns: Using a carefully structured test we can check how your employees deal with personalized attacks in the real world. Materna’s method specifically takes individual staff performance into consideration.

Just like real-life malicious phishing attacks, these simulations are designed to tempt employees into opening what appear to be harmless attachments, websites or links. This may take the form of emails from inside the company or from known service providers. Users who stumble into the trap are redirected to an information page that offers a choice of video tutorials, games and other training material showing the user exactly what to look out for. A statistical and personalized record of the recipients of these phishing attacks is kept, providing the organisation with an overview of those employees in need of further training and of their individual learning curves.

Materna’s security operation centre

Materna operates a security operation centre (SOC), a cyber security control hub to protect your IT and OT (operational technology). Our cyber security analysts are on hand to provide the following services:

• proactive monitoring of the IT and OT systems and ongoing analyses of the current threat level
• detection and elimination of vulnerabilities in your cyber security
• centralized security management for a range of end devices
• managing the incident response process
• sending alerts of known attacks and threats
• direct defensive measures to limit damage of cyber attacks
• security assessments
• technical support for all security-related issues
• reporting on the work of the security information centre and all security-related systems

The SOC deploys a range of sensors and systems that generate, collect, analyse and process log files and information flows. Behind every successful SOC lies a log management solution alongside the security incident and event management systems, supported by additional functionalities to detect and intercept intrusions.

Analysis of your IT landscape, including security level

The speed of technological development demands a continual modernization of every IT landscape. However, organisations aren’t always sure how up-to-date their own IT security currently is and which investments would make sense. These and other questions are dealt with by IT Check, Materna’s new non-proprietary consultancy package. You receive a comprehensive assessment of your IT, accompanied by advice on any adjustments the IT landscape requires in order to assure the reliable protection on which your core business depends.

The analysis covers six aspects: compliance, processes, organisation, software and architecture, security and operation. Where IT architecture is concerned, the focus lies in business-critical infrastructures and the data objects stored there, not to mention data flows. Processes are examined for their compliance with recommended best practices and norms like ITIL, FitSM or ISO 20000.