ASEA IT security principle

from Wikipedia, the free encyclopedia

The ASEA IT security principle is an IT security strategy for companies that was developed by TT Ford. The principle is divided into four phases, the first letters of which (in the original German) give the name ASEA:

  • Analysieren (analyze)
  • Sensibilisieren (raise awareness)
  • Erweitern (expand)
  • Aktualisieren (update)

Application

The ASEA IT security principle is intended to provide good IT security protection for companies of all types. By running through the four phases, good protection in the IT environment can be built up relatively quickly and cost-effectively. The principle was developed as support for managers and responsible technicians in the field of IT security.

The ASEA IT security principle was developed by TT Ford and is used to maintain adequate IT security in the company. It can be used freely, but TT Ford should be credited as its originator.

Method

Process of the ASEA IT security principle

Analyze

In the first phase, an overview should be created of the current threat situation facing the individual company. Various trade journals and online reports, as well as benchmarks that are often produced by security companies such as Kaspersky or Symantec, help here. In addition, many European countries have a reporting and information center for IT security. In Germany this would be, for example, the BSI, and in Switzerland the federal agency MELANI. Both prepare annual reports on the current IT security situation in the respective country.

In order to get a good overview for your own company, it is recommended to create a risk matrix.

Raise awareness

One of the greatest risks remains human error. This is likely to remain the case for the next few years. In order to gain a relatively high level of IT security as quickly as possible, awareness-raising measures should be carried out in the areas analyzed. Even very simple and inexpensive measures can have a big impact.

Possible measures include the creation of an IT security policy, awareness talks with employees, YouTube tutorials, or internal phishing attacks to make employees more alert.

Expand

An IT environment must be constantly adapted to the newly analyzed threats. Therefore, a little money should always be planned for investments in IT security components. Where in the past a firewall and an antivirus product offered sufficient protection in a network, today more components have to be used in order to achieve sufficient IT security. Here it is helpful to find out what the current state of the art is in the field of IT security.

Update

The best IT security components are useless if they are out of date. Good patch management of the systems and components used can achieve a lot. Not to be forgotten, however, are security-relevant processes or guidelines that need to be continually adapted to the current risks.
