When it comes to IT security, companies and employees sometimes fall into a kind of shock. Countless EU ordinances and regulations call for safety and at the same time threaten high penalties. But how do you properly protect your most valuable data? What else can you do? What are the right IT security strategies? And can you actually be prosecuted for insufficient IT security? “In many companies, IT security is often a patchwork quilt and not a holistic concept. There are security gaps everywhere that can have legal consequences and at the same time offer an open door for hackers," is how Tim Cappelmann, member of the management board at AirITSystems from Langenhagen near Hanover, describes the dilemma. As an IT service provider in the field of high-security infrastructures, his company is very familiar with these challenges. Thanks to many years of experience in areas that are particularly relevant to security, such as airports and hospitals, the company is able to offer tried and tested, standardized security procedures. What is special: The goal is always that business and IT grow together and are coordinated. This is the only way to ensure that the security strategy has a functioning basis.

More and more networked devices require new security measures

AirITSystems also sees itself well positioned with the specially developed SaaS platform AirIT-ONE for the topic of "Operational Technology Security" (OT Security), which will play a prominent role in the "Industrial Security Circus" at HANNOVER MESSE 2023. Thanks to standardized processes, automation, ready-made guidelines and a stringent project method, companies should be able to quickly achieve success in terms of IT and OT security. Regardless of whether to secure cyber-physical systems (CPS) in industry (OT), healthcare (IoMT), in the Internet of Things (IoT) or to meet compliance requirements - with AirIT-ONE companies should be able to proven Information Security Management System (ISMS) for setting up and operating administration and internal control systems. “Almost all the technical devices around us are already networked. But what safety standards apply? We like to talk about smart technologies and ignore security issues. That's not smart at all," says Cappelmann.

Clear the ring for OT security

The advancing digitization of industry means that more and more systems and devices are being connected to form a smart network - whether for predictive maintenance, connected cars, smart buildings or logistics and transport. Even technical systems from production, medical technology or similar sectors are often unsuspectingly integrated into company networks. However, many of these technologies and devices do not yet have sufficient security standards or are not sufficiently configured for use in networks. In a half-hour presentation on the subject of “Information security for technical networks – standard requirements and ISMS. Fit to standard and applicability in OT/IT environments" as part of the already mentioned "Industrial Security Circus" in a simple and comprehensible way. The event will take place on Wednesday, April 19, from 11:00 a.m. to 11:30 a.m. at the Industrial Security Speakers Corner at Stand D04 in Hall 16. Cappelmann will use project examples and the already mentioned SaaS platform AirIT-ONE to demonstrate how an ISMS can be used for this. The special feature: OT security can be transferred to the control processes of a standard (BSI or ISO27001) and monitored.

IT security is not just a question of technology

A suitable level of security results from a situation picture that shows whether business processes and actual implementation fit together. The basis for this is provided by a functional ISMS for information security and a DSMS (Data Stream Management System) for data protection. IT security is not a matter of personal discretion here. Legal regulations such as the IT Security Act or the EU General Data Protection Regulation (EU-DSGVO) specify the requirements to be met. Added to this are increased customer requirements, outsourced services and heightened threats.

Implement normative requirements quickly, effectively and audit-proof

Thomas Wimmer, Head of Consulting & Business Support at AirITSystems, will give additional insights into how the normative requirements from ISO27001, CISIS12 or the BSI are implemented in another short presentation "Information security/data protection as a service - for turnkey & valuable ISMS/DSMS". fast, effective and audit-proof. Interested parties should make a note of April 17, the lecture will take place from 4:30 p.m. to 4:45 p.m., also at the Industrial Security Speakers Corner in Hall 16.

Video