IT Security Consulting for Process Automation

Reduction of manual effort through process automation

Reduction of the complexity of the protection needs analysis (SBA) through optimal tool support


Industry

Banking

Requirements

Compliance with BAIT in relation to implementation of protection needs analysis

Status Quo

Customer uses an MS Excel solution, which offers only limited evaluation capability

 

Goal

Establishment of an automated workflow, including a dashboard, that will significantly reduce working hours

Project Scope

According to BAIT 3.3, BaFin requires that "the institution [...] must regularly and on an ad hoc basis determine the protection requirements for the components of its defined information network, in particular with regard to the protection objectives of integrity, availability, confidentiality and authenticity". The customer currently uses MS Excel for the documentation of the protection needs analysis. A simple and fast evaluation is currently only possible to a limited extent. 

Since the information network is usually complex in terms of interrelationships and number of assets, a technical implementation can help to digitize the SBA process and create clear dashboards. The technical implementation is the main subject of the project.  

SRC IT Security Consulting in Action

1. Challenge

The starting point is the process mapping of the current SBA runs to determine simplifications and the optimal tool usage. Ideally, the existing application or technology stack should be used.

2. Solution

Mapping of SBA processes as workflows to replace the existing Excel-based approach.

3. Results

Lean SBA processes, in particular self-empowerment of the specialist departments on the one hand, and the guarantee of audit security including clear dashboarding on the other, are the main results of the technical solution.

THE CHALLENGE


In order to be able to offer an adequate solution, it is necessary to identify the actual process of the protection requirements analysis and the associated "pain points". This is what makes simplification of SBA processes and thus optimal tool support possible in the first place. The following figure illustrates our understanding of the SBA process. 

THE TECHNICAL SOLUTION


Digital solutions and custom-made automations were implemented and set up as part of this project. Among other things, the programmed automations check data entries for consistency and carry out protection needs assessments and their inheritance automatically. By digitizing and automating the SBA process, it was possible to largely replace the operational effort with a "self-service" for the departments. The information security officer is now responsible for controlling and tracking the progress of the process. Documentation, both technical and functional, initiates self-empowerment of the departments.

THE FINAL PRODUCT


In short, the technical solution creates a high degree of automation within the application and technology stack available to the customer. Departments are able to independently evaluate the components of the information network that are relevant to them via self-service. The evaluation of protection requirements is carried out completely automatically.  

Dashboards allow critical assets to be identified in real-time. Technical and functional manuals were provided to the customer for self-empowerment. Overall, this resulted in a relative reduction in working time of more than 50% for the customer.

 
