ISMS and risk management don’t hurt

08/10/2024
Damovo News

Expert presentation at it-sa 2024 by Adrian Kraus, Cybersecurity Consultant at Damovo.

Damovo is at it-sa with three expert presentations (see "Holistic IT security solutions from Damovo at it-sa 2024"), which address key areas of IT security. Each presentation offers practical information and solutions that companies can directly incorporate into their security strategies. The first presentation is titled ‘ISMS and risk management don’t hurt’. In it, our colleague Adrian Kraus will explain in a practical way how a comprehensive information security management system (ISMS) helps to strategically anchor security measures. We asked Adrian a few questions in advance about the key aspects of the presentation.

Please introduce yourself and your role at Damovo.

My name is Adrian Kraus and I have been part of the Damovo team, and specifically the cybersecurity team, for more than six years now. On my business card it says cybersecurity consultant, which in my case means that I deal with information security both conceptually (in the sense of an ISMS) and technically (through solutions).

What challenges do you currently see in the area of cybersecurity that you would like to address in your presentation?

Several trends are currently converging: the ‘classic’, IT-driven cybersecurity, legal and regulatory requirements such as DORA or NIS2, and even the realisation that information security should be driven as a management initiative. However, it is becoming apparent that organisations do not really know what is required of them, where to start and what to use for guidance. Added to this are resource bottlenecks, especially time, so that people get lost in planning instead of just getting started.

Who is your talk aimed at primarily?

My talk has something for everyone who is interested in cybersecurity. The ‘currents’ that I mentioned in the previous answer show that we have to approach the topic from different perspectives. Everyone has their own area of expertise, but it helps to understand the perspectives of the other protagonists as well. My talk, which can also be seen as an introduction to information security, is about highlighting precisely these different perspectives.

What can participants take away from your talk that will really help them in their day-to-day work?

My experience in my work has shown that many organisations find it difficult to get started with managed information security in particular. It’s not as complicated as the endless standards and legal texts suggest. The most important thing is to get started and then to work your way forward step by step. What is difficult for many organisations is to see information security not as a one-off project, but as an ongoing development. In addition to tips on how to get started, I would also like to give advice on how to stay on track.

How do you think cybersecurity will develop in the next few years? What trends do you see?

The number of requirements will continue to increase. It’s not just the legislators (where there’s an NIS2, there’s probably going to be an NIS3 at some point), but also organisations that demand information security from their business partners and suppliers. At the same time, the number of digital assets of these organisations continues to grow. Keeping track of them has always been difficult. But with the use of the cloud and SaaS, we are reaching another level, so it often becomes unclear where which (critical) information is located and which processes and services are attached to which assets. This makes attack surface management even more important, along with asset management in all its facets.

Information at a glance

When: Tuesday, 22 October 2024 / 11:00 – 11:15 a.m.

Where: Cisco Stand, Hall 7A, Stand 504
