Bernkastel-Kues municipal administration

Management Summary

Added value for the customer

Project environment

The IT infrastructure in the municipal sector has changed massively over the last 20 years. Almost all municipal tasks and administrative areas are supported by IT. This is accompanied by a growing threat of cyberattacks, especially as changed working methods such as working from home and the like create new areas of attack. Recently, there have been an increasing number of IT security incidents affecting local government in Germany. If their work is impaired or even paralyzed by a cyberattack, this ultimately also affects citizens - for example, if important services are only offered to a limited extent or not at all, official documents can no longer be issued, personal data falls into the wrong hands, offices remain closed or employees cannot be reached.

In order to protect sensitive citizen and company data as effectively as possible and ensure uninterrupted business operations, IT security must be seen as a central task of the administration. Basic preventative measures against cyber attacks include, for example, the continuous updating of applications and virus scanners, regular backups, the installation of software only from official sources, caution when dealing with emails of unknown origin and appropriate guidelines and training for employees. However, in view of the increasing complexity of IT, it is becoming increasingly difficult for small local authorities with little local capacity to identify and implement the necessary measures.

The Bernkastel-Kues municipal administration has brought professional support on board to uncover potential weaknesses or security gaps and then take appropriate measures: IT-HAUS GmbH , a long-standing IT partner, was commissioned to carry out a comprehensive analysis of current IT security, known as a cyber security check.

Project success

The Cyber Security Check is an all-inclusive service from IT-HAUS GmbH that provides a holistic picture of IT security in the company and specific recommendations for action at a manageable cost. The latter are intended to serve as a basis for continuously and sustainably improving the level of security at the checked location.

The check is divided into three parts, each of which sheds light on different aspects of IT security and can be carried out completely remotely. Part 1 is a questionnaire aimed at analyzing the customer's technical-operational security. It consists of 20 modules covering various technical areas - from the data centre environment and its availability to the virtualization and application level. Part 2 primarily covers questions relating to strategic IT security, including the structure and organization of IT, security guidelines and relevant roles (data protection officer, etc.) in the company as well as emergency management. The level of knowledge and training of employees in this area is also surveyed here.

The questionnaires were developed by IT-HAUS and are largely based on the IT baseline protection of the German Federal Office for Information Security (BSI), which considers technical aspects as well as infrastructural, organizational and personnel issues. The IT manager at the local authority administration was able to answer both questions conveniently online using the IT-HAUS assessment tool. This usually takes a few hours, or a few days at most if there is a need for coordination or clarification.

Furthermore, as part of the cyber security check, a one-off automated penetration test (pentest) was carried out at the customer's premises to examine their IT systems for possible security vulnerabilities in the form of simulated cyber attacks. Tests are carried out both from the outside and from the inside in order to not only find possible entry vectors for an external attacker, but also to clarify what damage a hacker can cause in the customer's internal network. This test is also carried out remotely and only takes about a day.

Once the data from all three surveys had been collected and evaluated, IT-HAUS assessed the current security status of the authority and derived individual, experience-based recommendations for action. These were prioritized and presented to those responsible in a joint final meeting in the form of a detailed results report.

The report not only shows which measures would be necessary or useful to increase the level of security and over what period of time, but also the risks and challenges that would otherwise arise.

The gradations range from high-priority issues, which should be addressed immediately or as soon as possible, to medium and long-term measures, which are recommended but not urgent. In addition to the detailed recommendations, the report also outlines how IT-HAUS can contribute to achieving these goals. The results document is rounded off by tabular lists of the recommendations for action, which the local authority can use as a checklist or to-do list, as well as all the weaknesses found in the automated pentest.

As the cyber security check is a standardized process, IT-HAUS can offer it at a fixed price per location, regardless of the effort involved. This includes the automated pentest, making it a very cost- and time-efficient alternative to tests that manually detect potential points of attack. As a full-service provider, IT-HAUS is also able to implement all measures recommended in the course of the check from a single source.

At the same time, it is up to the customer to decide whether to follow the recommendations and which service provider to contact if necessary. In the case of the Bernkastel-Kues local authority, those responsible agreed to commission IT-HAUS again, which meant that several potential security gaps could be closed.

Our experts will be happy to advise you on the individual options.

Fill out our contact form or call us directly. We look forward to talking to you.