{"id":15437,"date":"2024-09-16T14:00:00","date_gmt":"2024-09-16T12:00:00","guid":{"rendered":"https:\/\/oberender.com\/unkategorisiert\/information-security-part-5-further-building-blocks\/"},"modified":"2024-10-07T12:24:16","modified_gmt":"2024-10-07T10:24:16","slug":"information-security-part-5-further-building-blocks","status":"publish","type":"post","link":"https:\/\/oberender.com\/en\/blog-en\/information-security-part-5-further-building-blocks\/","title":{"rendered":"Information security Part 5 – Further building blocks"},"content":{"rendered":"\n

As mentioned in the first article, the considerations in the previous episodes are only superficial.\nBehind some of the aspects and concepts mentioned are more complex challenges for you, which we will be happy to work out with you and support you in implementing. <\/p>\n\n

In this final episode, we would like to explain two important topics and aspects: employee awareness and supply chain control.<\/p>\n\n

Employee attention <\/h3>\n\n

Those sitting in front of the computer are of course a “weak point” in the system.\nThe factors that lead to this are manifold.\nA lack of digital skills, poor equipment with IT tools, a lack of education and training and also a work overload are just some of the possible triggers for a security incident. <\/p>\n\n

The digital identities of your company’s employees are a particular focus for attackers.\nIt’s not for nothing that the saying goes “Nowadays, hackers don’t hack, they log in!” <\/p>\n\n

Special attention should therefore be paid to this area.\nIn our view, two tasks should be particularly emphasized. <\/p>\n\n

Educate\/train and listen<\/h4>\n\n

You can certainly imagine what “educate\/train” means.\nHowever, the second point “Listening” is just as important.\nCreate structures in which attentive employees can submit reports without fear, which are taken seriously and dealt with promptly. <\/p>\n\n

Then you reduce the risk that a member of your team who wants to inform the helpdesk about a suspected infection on their computer will be told that this cannot be the case and that they should simply restart the computer.<\/p>\n\n

In this context, the Anglo-Saxon term “awareness” is always associated with the person affected.\nHowever, in the context of information security, this is a dichotomous concept and includes those who should and can take care of the incident. <\/p>\n\n

The education and training can be implemented in a variety of ways.\nCombine several tools, e.g. regular training and simulations (e.g. phishing campaigns, pentests, communication training for IT). <\/p>\n\n

Supply chain control<\/h3>\n\n

Admittedly, this is a somewhat loaded word and it has to do with the – attention word worm!\n– Supply Chain Due Diligence Act.\nBut that’s not the point here. <\/p>\n\n

The consideration of supply chains also plays a role in the area of information security and includes tangible items such as computers and other components and intangible items such as IT services and software.\nAll of this penetrates the virtual perimeter of your company from the outside and influences your security situation. <\/p>\n\n

Some measures are therefore necessary here to complete and strengthen your information security concept.<\/p>\n\n