Mainzer Stadtwerke is the service provider for the electricity, water, and gas supply of the city of Mainz. The transport company department is also responsible for the city’s public transport. These basic services are an important part of a city or municipality. Projects carried out for the client: Awareness strategy, Measurement of Security Culture, E-Learning.
To start, a specific awareness strategy was created as the basis for collaboration. This strategy is the ongoing reference for information security actions and ensures an efficient and goal-oriented approach. The strategy also makes a fundamental contribution to fostering a security culture.
At the beginning of the collaboration, the Security Awareness Radar® was used to measure the current status of the information security culture in the entire Mainzer Stadtwerke group. The result was targeted employee training. Existing e-learnings in all the subject areas meant that training was already available for the priority topics. Additional e-learning courses were developed especially for the requirements of Mainzer Stadtwerke and for optimal integration of the company's specific user guidelines into the training material.
Since the Mainzer Stadtwerke group is part of the critical infrastructure, it has a legal obligation to meet requirements in the areas of corporate governance, data protection and IT security law, and aspects of criminal law. Furthermore, the normative requirements DIN ISO/IEC 27001 and DIN ISO/IEC 27002 must be included in the planning and implementation.
The awareness strategy that was created contains detailed instructions, which can be used as a starting point for the design, development, and implementation of effective and targeted awareness programs through to the evaluation of the programs. It refers to the legal and regulatory requirements and provides a basis for fulfilling them.
To build a security culture that is part of everyday work life, all employees should take responsibility for security in their working environment and act appropriately when handling data and information.
Areas of collaboration between Mainzer Stadtwerke and TreeSolution included the following:
A holistic approach was taken in the support for the creation of the information security management system (ISMS) and the security program. Output included a comprehensive document on which the training courses could be based. The document serves as the basis for the security culture and to promote the “human firewall.”
The results of the Security Awareness Radar® provided a detailed picture of information security and security awareness among employees. It became apparent which topics and target groups had to be given priority training in order to increase security awareness in the company and to anchor information security in the corporate culture. This knowledge was incorporated into the information security strategy and training material.
The provision of the training material by TreeSolution allowed demands on the scarce time resources of Mainzer Stadtwerke to be kept to a minimum.
Alternative solutions had to be found for the training of employees who did not have access to a PC. This challenge was also mastered, resulting in optimal training of these employees and their inclusion in the measurement survey.
The extensive training material consisting of more than 15 topics enabled in-depth training of the employees. Through additional, individually created modules specific to Mainzer Stadtwerke, topics could be presented to the employees in an even more targeted manner, thus further reducing the risks.
The training and measures were well received by the employees and could be implemented and applied in everyday work. As an employee put it in the measurement survey:
“I consider regular training/instructions on security, like those for occupational safety and fire protection instructions, as necessary to stay up-to-date and to provide all those involved with comprehensive information.”
Mainzer Stadtwerke Employee
Employees must complete refresher courses every year, with new topics being added regularly. New employees are also given extensive training at the start of their employment.
The training actions based on the overall program can also be used as proof for ISO certification and annual recertification.
All measures planned and implemented to date promote a security-conscious corporate culture and thus contribute to the “human firewall.” Through holistic and continuous training over a longer period of time, knowledge about information security is constantly expanded and strengthened in the security culture.
The training material is regularly updated to keep it current and is expanded with additional training courses. In the future, suppliers are also to be involved in training courses, and another survey is to be carried out using the Security Awareness Radar®.
“TreeSolution supported us in introducing targeted awareness programs. For this purpose, an inventory analysis was carried out and, based on this, a security awareness strategy was created. This took all legal and regulatory requirements into account as well as the specifications of our information security management system (ISMS). Using the results of the Security Awareness Radar®, e-learning and specific courses on our user guidelines were provided for our employees. In this way, all our employees could be introduced and trained in the subject in a targeted manner. With all these measures in collaboration with TreeSolution, we were able to reduce risks to a minimum and sustainably strengthen our security awareness in culture and behavior.”
Sven Lohnke, IT security management consultant
Mainzer Stadtwerke AG