One task within the scope of risk minimisation is to keep the effectiveness of IT security at the highest possible level. A Security Level Management system supplies the required information for this. It supports the PCI DSS requirements 5 and 6 as well as the check phase performed by the information security management system (ISMS) in accordance with ISO/IEC 27001.
The key danger lies in not recognizing the actual risk. This leads to a false sense of security, which hinders effective protection. Nevertheless, many companies place too much trust in their security software. If errors occur in the update process, the resulting security gaps frequently remain undiscovered owing to a lack of quality assurance. Known vulnerabilities that are documented on the Internet can be exploited to damage a company, and the residual risk remains high despite the use of a wide range of technical protection measures.
Identifying and closing these gaps only works when all the security systems in place are continuously checked for their effectiveness, in real time. AMPEG Security Lighthouse supports you in minimising the risk by creating the required visibility into the security status of the IT systems (e.g. Assess the security situation).
"One of the biggest mistakes security officers make is to blindly trust the success messages given out by their systems."
Raimund Genes †, former CTO Anti Malware at TREND MICRO
34 percent place their trust in systems that function automatically: they believe that "basically, network security is not in danger, even though no explicit control of whether an update took place successfully or not is performed."
Results of a survey by AMPEG of 200 chief security officers at major German companies.