Long ago, when companies faced threats from pirates and bandits, they required armed security forces to ensure that the company’s assets were not lost in transit or stolen from their vaults.
Today, similar threats still exist. Highly valuable data is often only a few keystrokes away from being stolen. Instead of armed guards, our most valuable assets are protected by an army of IT experts who engage in a daily struggle with very real thieves.
To make sure our cyber data is secure, Ziegler Group has adopted an Information System (IS) security approach that complies with the ISO27002 framework. These guidelines help us to create security standards and procedures that allow us to comply with regulations.
A Chief Information Security Officer (CISO) is responsible for overseeing that security measures are being used correctly and that all departments and levels of the company follow the same rules for cyber data security.
Our security processes are based on our Information Systems Security Policy (ISSP).
The purpose of this policy is to ensure the security of our information systems in a uniform and comprehensive way. It establishes ways to identify and address security risks, and aims to raise awareness about these risks among employees and partners.
The ISSP covers the secure storage and processing of data, including any Ziegler-owned data, software, and data that passes through third parties.
Since IT security is an ongoing process, these procedures and policies are being regularly adapted to minimise risks to our business and our customers.
By looking at our risks, we can allocate investment and effort to secure the most vulnerable and valuable aspects of our company first.
Our risk assessments are performed by an external security auditor (Orange Cyber Defense), which are also complimented by internal assessments.
Having a well-informed and security-conscious workforce considerably lowers the risks of security breaches for the company as a whole.
So Ziegler offers interactive training and simulated phishing campaigns to employees to improve awareness and to help them identify real threats more easily.
Ziegler conducts yearly security audits of its information systems with an external partner, to identify vulnerabilities and create plans to address them, in order to improve the company’s security status.
These audits can include inviting a team of ethical hackers to look for weaknesses, and simulating specific attacks to test our own response procedures and execution.
And what if the worst does happen?
Ziegler is investing in redundant systems to ensure business continuity and maintain the same level of security. This starts by creating redundant storage options and other measures to prevent single points of failure.
Our Disaster Recovery Site (DR Site) is located at a separate location for recovery in case of major outages at our main datacenters. The DR Site provides the same level of redundant power, climate control, and physical security as the main datacenter.
Time is of the essence in responding to a cyber-attack. This is why Ziegler has an Incident Response Playbook to structure an organised and swift response to incidents.
Keeping up with the ever-evolving threat landscape requires that we use the latest tools and technologies.
Ziegler is investing in the use of cloud services to improve the scalability, availability, and security of its systems.
We are also leveraging machine learning, AI, and automation to quickly detect and respond to security anomalies, in order to prevent incidents from happening or spreading in ways that humans can’t easily detect.
We owe it to our customers and partners to guard their valuable information as carefully as possible. This isn’t just a good practice – it’s essential to maintaining lasting relationships and doing good business in our modern world.
Information Security allows us to go further, and dream big, just like companies have done since trade began millenia ago.