Backround
Our client, an insurance company, was faced with the challenge of making its IT landscape more efficient and future-proof, particularly in terms of security. In view of the constantly growing threats from cyber attacks and data breaches, it was essential to strengthen IT security. To achieve these goals, the insurance company decided to introduce Enterprise Architecture Management (EAM). They then commissioned CTI CONSULTING to provide support in the area of enterprise architecture management, focussing in particular on IT security.
Realisation
The collaboration between the insurance company and CTI began with the introduction of LeanIX. LeanIX is an enterprise architecture management tool that also covers security aspects. We assisted the insurance company with a comprehensive data populating of the tool, paying particular attention to security-relevant information. Training courses were organised for IT and departmental employees to raise awareness of security aspects and convey best practices. Security use cases were also developed and implemented to ensure that the security requirements were integrated into the architecture. We provided architectural support for important implementation projects such as invoice capture and the implementation of an API management tool, taking into account security guidelines and standards. Together with our client, we developed an IT strategy and helped to concretise the insurance supervisory requirements for IT, or VAIT for short. Methodological consulting and refinement of the EAM methodology was carried out, as well as integration into the organisation to ensure that the security strategy is closely linked to the insurance company’s business requirements and corporate strategy. In particular, we focussed on identifying and securing vulnerabilities in the IT infrastructure.
Our CTI-Interim Enterprise Architect worked together with the customer to map an ISMS based on LeanIX and carried out a comprehensive CIA and VIVA analysis. This involved deriving IT security-related issues from the business strategy and evaluating processes and applications in terms of business relevance and criticality. In addition, comprehensive management and reporting views on IT security and IT data security were developed in the EA tool.
RESULTS
The successful collaboration with CTI enabled important progress to be made in strengthening the insurance company’s IT security and the introduction of LeanIX meant transparent and efficient management of the security architecture. The consideration of security use cases and requirements in key projects ensures a robust security infrastructure. The methodical consulting and refinement of the EAM methodology has led to a better integration of security aspects into the entire organisation of the insurance company. By building and refining the EAM repository, a comprehensive security architecture was developed that is closely aligned with business requirements and corporate strategy. Overall, working with us has helped the insurance company to make its IT landscape more secure and resilient.