Schutz & Rettung is the largest civilian rescue organization in Switzerland and is tasked with protecting and rescuing people, animals, property and the environment – around the clock. In order to live up to its credo of providing the best possible protection and optimum security, Schutz & Rettung Zürich also sees it as its duty to ensure that its own structures are always effectively protected against cyber risks. For this reason, Schutz & Rettung decided to carry out a preventive check of its IT infrastructure using an IT security assessment from United Security Providers.
The Operations & Prevention department plays a central role at Zurich Protection & Rescue – after all, with the operations control center (coordination, alerting and dispatching of rescue services and fire departments), it is the hub for all operational planning in emergency situations. The Operations Control Center (ELZ) also brings together all the threads that need to be held together in the event of extraordinary incidents, such as major events and special situations.
This requires a stable and highly reliable internal IT infrastructure that functions smoothly and is absolutely robust. The rapid development of digitalization, the increasing number of hacker attacks and the constantly changing security requirements do not stop at Schutz & Rettung. This has confronted the organization with the question of how the protection of its own IT infrastructure and the associated business processes can be further optimized: The continuous improvement process of IT security, according to the PDCA (Plan, Do, Check, Act) method, is at the center of the considerations.
Critical self-audits for a continuous improvement process in IT security
Schutz & Rettung Zürich underwent an IT security assessment by security experts United Security Providers. The aim of this was to examine the IT infrastructure and business processes of Schutz & Rettung and to summarize all risks, including those from the self-assessment of the gap analysis “Information Security Manual” of the City of Zurich, in the organization’s central risk management system.
IT security assessment provides a quick overview of a highly complex infrastructure
As part of the IT security assessment, United Security Providers drew up a comprehensive overview of the risks associated with the processes and IT infrastructure.
The highly complex IT environment of the incident command system (ECS) was a key factor in the technical examination of the infrastructure: Schutz & Rettung is in operation 24/7, the infrastructure must be available at all times and is subject to the highest availability requirements. A disruption to the infrastructure would have considerable consequences for the operation of the operations control center – consequences that can sometimes mean the difference between life and death.
The interviews with the specialist managers on specific topics such as firewalls, remote access, data management, mobile applications, user and rights management as well as the completed configuration checks provided the consultants from United Security Providers with a picture of the IT architecture and the security status of the IT landscape.
The results of the IT security assessment were evaluated in a detailed risk analysis and the measures to be implemented to minimize risks were prioritized in a detailed roadmap. “The roadmap of the risks identified and the proposed solutions are the perfect basis for us to continue working on continuous improvement. Thanks to the findings of the IT security assessment (pdf), we now have an even deeper understanding of how to respond to cyberattacks at an early stage and be prepared. United Security Providers understood how to break down the complex security requirements into practicable steps and integrate them into the project portfolio,” says Martin Schellenberg, Head of ICT, Zurich Protection & Rescue.
Conclusion: A security assessment as a preventive measure
The IT security assessment from United Security Providers supports Schutz & Rettung Zürich in implementing preventive measures to protect against cyberattacks and thus enables an even more intensive examination of the company’s own business processes. The continuous improvement process for IT security, with centrally managed risk management, ensures that business and IT managers have a uniform view of potential IT risks and thus develop a better understanding of each other. This is another cornerstone that also prepares Schutz & Rettung Zürich for future challenges brought about by digitalization.
What is the security situation in your company?
Does your IT security meet current requirements? An IT security assessment provides you with answers to all important IT security questions and shows you the way to a secure future.