IT Security Services

 

Data security is an important topic in data protection, because the security of data is fundamental to the protection of personal data. Accordingly, the GDPR demands a lot from data controllers with the Technical and Organisational Measures (TOMs). Although these measures (GDPR, Art. 32) are not formulated in concrete terms, the reference to the protection goals and terms commonly used in the area of information security makes it clear what is meant: measures in the areas of access, access control, emergency planning and especially: cyber security - protection against external attacks.

Especially in the area of cyber security, SMEs and associations are usually not well positioned or not positioned at all. Whoever takes responsibility for security in such an organisation has to meet the same obligations as in a large corporation. However, the security budgets and the size of the teams are limited. This makes the task difficult.

That's why, under the title fccDataPrivacy IT Security Services, we provide some tools that - without building up significant internal resources - help to understand the issue of cyber security and to identify and fix vulnerabilities. We use these tools ourselves.

These tools all work according to the following model:

  • they are well-known and much-used cloud tools on the market
    (data is stored exclusively in EU / CH data centres)
  • detect vulnerabilities through regular scans
  • fix detected vulnerabilities through internal or external resources.

 

SIWECOS Integration                    

SIWECOS (https://siwecos.de/en/) stands for "Secure Websites and Content Management Systems" and helps small and medium-sized enterprises (SMEs) and associations to identify and eliminate security vulnerabilities on their websites. On the one hand, the focus is on concrete recommendations for action for detected vulnerabilities; on the other hand, there is also a strong emphasis on raising awareness among SMEs and associations in the area of cyber security. A vulnerability scanner regularly checks the server systems of the SME for known vulnerabilities or the web applications installed on them for security gaps; all tools were developed under the premise 'secure by design'.

Funded by the German Federal Ministry for Economic Affairs and Energy, SIWECOS is a free service with the following features:

  • daily scan of all URLs registered in SIWECOS (websites, web applications)
  • detailed report about possible vulnerabilities (only the last scan is available)
  • a rating (between 0 - 100) of individual partial scans and the sum of all scans.

The fccDataPrivacy SIWECOS integration extends the SIWECOS service with the following functions:

  • daily download of the SIWECOS report (csv format, reports are stored for a maximum of one year)
  • the individual scans are extracted and displayed as a history (how have the ratings changed over time)
  • an alarm is triggered in case of significant deviations.

As SIWECOS itself is a free service, we also offer the integration described here free of charge as part of the products fccDataPrivacy Data Protection Readiness and the fccDataPrivacy Data Protection Management System.

Greenbone Vulnerability Management

IT security is a process - vulnerability management provides the basis. Only those who know their vulnerabilities can implement security measures in a targeted manner. With Greenbone Vulnerability Management, you can view your IT infrastructure from

  • the outside - from the perspective of a potential attacker
  • from the inside - examining your internal server and workstation infrastructure

The aim is to find and document every existing vulnerability of your IT infrastructure and to provide solutions.

The fccDataPrivacy Greenbone integration extracts the following privacy-relevant information into the fccDataPrivacy Admin Portal on a daily basis:

  • Software assets (installed software per asset)
  • possible vulnerabilities and a history of when which software was last updated
  • an alarm is triggered in the event of significant deviations.



Pricing

 

The SIWECO integration is already included in the products fccDataPrivacy Data Protection Readiness and the fccDataPrivacy Data Protection Management System.

For further details, please refer to the price list.