ISO/IEC 27001 - Trainings

XpertLync can provide tailor-made measures in the field of communication, awareness and training. Targeted measures for raising security awareness based around a communication concept have been conceived and implemented. An example worth mentioning here is a training workshop that enables participants to understand and support the information security management process and to act as multipliers to promote it in the company. By way of example, the following topics are communicated during the workshop:

  • As part of a general motivation session on the subject of information security, current incidents and trends are illustrated and the most important threat types are explained, including computer viruses, Trojans, worms, spam, botnets, exploitation of security loopholes, hidden data, phishing, spoofing, social engineering and general issues with web applications such as SQL injection, cross-site scripting, website defacement, frame spoofing etc.
  • Existing threats and their structure as well as potential analyses. General objectives of information security management and its portrayal as a protection requirement. Evaluation basis for the protection requirement and other requirements. In particular, it is shown how the availability protection requirement can result in a maximum acceptable downtime.
  • Evaluation and management of business risks along with the merging of information security management – including information security risks – into the company’s overarching risk management strategy.
  • As regards the selection of IT security safeguards, it is shown that their adequacy can be guaranteed, and the general requirements on the safeguards elucidated.
  • Depiction of the process for certification in accordance with ISO 27001.