The task we face daily as IT consultants is to keep established standards such as ISO 27001, IEC 62443 and COBIT in step with rapidly changing IT trends and their requirements by linking the guidelines to the state of the art.
As soon as we have an IT system on the test bench, we do not see it as our task to look for errors and “culprits”; rather, we check the system for deviations from the target state or the state of the art. In 70% of cases the target state is not sufficiently defined, and we then help to create clear guidelines.
ABOUT US: TECHNOLOGY CHANGES ⇨ STANDARDS REMAIN!
Every year there are new trends in IT operations: offshoring, mobility, outsourcing, client computing, social media, the cloud, Big Data, Industry 4.0, IoT, and many more. Large parts of networked system intelligence already reside in the cloud. Compliance pressure is mounting, both internally and externally.
Never before have IT departments had to face such service diversification from so many new technologies. The number of systems to be audited has been rising in recent years with the growing intelligence of IoT devices. The growing number of networked IT systems also exponentially increases the attack surface for cybercrime.
Our role as consultants
The task we face every day as IT consultants is to anticipate rapidly changing IT trends and their business requirements by identifying and addressing the potential risks in a structured way. In doing so, we support our clients in identifying and applying the state of the art. Established standards such as ISO 27001, IEC 62443 and the BSI basic protection catalogs, as well as many other specific guides such as OWASP for web applications, are recognized as state of the art, and their use facilitates the definition of appropriate measures.
From the auditor’s perspective
As soon as we have an IT system or an IT process on the test bench, we do not see it as our task to look for “culprits”; rather, we check the systems for deviations from the target state or the state of the art. In 70% of cases the target state is not sufficiently defined, and we then help to create clear guidelines.
ABOUT US: AUDITORS ARE ALWAYS POPULAR…
After my experiences as an IT auditor at two of the largest auditing companies, I founded SEC4YOU in Korneuburg near Vienna. A little later, a branch office in Stumm in Tyrol was added in order to be able to optimally cover the west of Austria as well.
Since 2001, my team and I have been advising and auditing security-conscious companies in almost all industries. In particular, the cooperation with audit departments in the audit of ICS requirements requires risk-assessed audit results.
As soon as the involved employees realize that an audit is a chance to modernize their IT systems and IT processes, the collegial cooperation with the popular auditor also begins.
Manfred Scholz
Managing Director and Founder SEC4YOU