IT Security Working Group

 

The aim of the IT-Security working group is an intensive and trusting exchange on cyber security but also on other topics such as:

IT security awareness, current security threats, development of IT security technology, organizational and technical best practices, information platforms for IT security, typical security incidents, new attack scenarios, the Darknet

Our Mission

 

The purpose of the working group is to improve the protection of the participating companies against threats to the security of their data and IT. The working group is looking for ways to identify these threats as early as possible in order to initiate appropriate countermeasures. Damage should be prevented or at least the effects minimized.

 

Threat situation

Threats can affect businesses from the Internet via downloads, emails, USB sticks or other means. Social engineering in particular is playing an increasingly important role.

 

Objective

The aim is to find ways of being informed about new threats as early as possible. For this purpose, sources of information will be made available and, if possible, additional information channels will be opened.

The working group provides a discussion platform to intensify the exchange of experience in this sensitive area. If possible, the overall effort in the field of security should be reduced through cooperation between the companies, as the methods and procedures used can be adjusted and adopted. In order for this to work in the long term, contributions from all participants are necessary.

The exchange may include the following areas:

  1. Information sources on the current threat situation (e.g. Internet forums, working groups)
  2. Technical and organizational measures implemented (e.g. employee awareness, authentication procedures)
  3. External service providers (e.g. security analyses, penetration testing)
  4. Concrete damage cases and thus knowledge of current attacks

Attention from employees is essential to improving protection against cyber threats. The awareness of the possible dangers should be sharpened among the employees. Behavioral measures in the event of suspected or actual attacks from the network should be communicated to all employees.

In order to achieve this, the members of the working group exchange information on measures implemented and/or planned in the respective institutions and report on their experiences with regard to effectiveness.

Meaningful arguments for the procurement of budget for the topic security are to be discussed.

 

Format

Various formats in different frequencies serve the purpose of intensifying the exchange.

  1. The working group regularly exchanges information in person in committee work.
  2. In order to be able to bring the exchange of meaningful measures into the operative business, the possibility should be created that employees of the operative business (CISO, administrators) of the companies directly exchange information in specialist groups.
  3. Information is to be exchanged promptly and continuously via a discussion and exchange platform. The platform also serves documentation purposes and can thus develop into an information pool and source of reference.

 

Prerequisites for exchange and cooperation

Confidentiality: Some very confidential information is exchanged within the working group. Therefore, not everything that is spoken is documented. Information that is not considered critical shall be made freely available to all ITEC club members.

Commitment: All participants are expected to make their own contributions, to take an active part in the discussions and to contribute their own experiences – give and take.