About the project
An intensive one-day workshop was conducted to assess the IT security measures of Ingenieus AG and its suppliers and service providers. An initial analysis was performed, and risk-based measures were prioritized. In four structured phases, a comprehensive picture of the security situation was obtained. The assessment of the cybersecurity situation was based on a structured questionnaire, using best practices from the ISO/IEC 27000 series of standards and the NIST Cybersecurity Framework. Additionally, the specific requirements of the Swiss Federal Office of Transport (BAV) “CySec-Rail” directive were considered. This included reviews of the existing IT infrastructure, current security measures, network security tools, firewalls, antivirus solutions, and threat monitoring systems. It was also analysed whether all applicable data protection regulations, such as the GDPR and the Swiss DSG, were being complied with.
At the conclusion of the assessment, a detailed report was created based on a sound risk analysis and prioritization. The risk assessment considered both the likelihood and potential impact of cyber incidents.
Although a solid foundation already exists, additional optimization potential was identified that can further increase the cybersecurity level of Ingenieus AG. Enotrac has developed a prioritized list of measures that provides Ingenieus with a solid foundation for the cost-effective development of a future-proof ISMS. In addition, Enotrac offered the option of providing a “CISO as a service” with specific expertise in rail cybersecurity. This allows Ingenieus to access in-depth expertise in railway cybersecurity immediately and cost-effectively. Through the clear structure and prioritization of the measures, Ingenieus can efficiently and cost-effectively address the “cybersecurity” project and thus create a solid foundation for the establishment of an ISMS.
-
Client
Ingenieus
-
Period
2024
-
Location
Switzerland