Compliance to Code refers to all measures to translate regulatory and legal requirements into clearly structured digital policies. Preferably, this measure does not exclusively support the area of availability of digital systems, facilities and data centers, but also integrates the areas of DLP and EIM into a SOC (Security Operation Center). The primary goal of C2C is to provide a clearly structured overview of the compliance of all digital assets and to present it in a form that is manageable for risk and compliance management.

A holistic view of intrinsic and extrinsic requirements, assets and risks, which captures and correlates operating states in real time as needed, offers significant advantages over isolated KPIs and their individually recorded threshold values. Complex tasks such as the permanent and automatic implementation of ISO 27000 controls can be elegantly captured, processed and managed.

C-I-A triangle – Compliance to Code (C2C)

A positioning in cyber security (C-I-A triangle) can be described as followed. C2C covers Availability that ensures that information and resources are in place and ready to use to those who need them. It is implemented using methods such as hardware maintenance, software patching and network optimization. Processes such as redundancy, failover, arrays and high-availability clusters are used to mitigate serious consequences when technical issues do occur.

Dedicated hardware devices can be used to guard against downtime and unreachable data due to malicious actions such as distributed denial-of-service (DDoS) attacks.

Using our framework for cybersecurity, we capture the requirements for the availability of sensitive corporate data and transform them into a clearly structured set of rules using our proven methodology. Individual rules can be recorded using detailed checklists as well as standardized graphics.

The use of graphics can save a lot of time and serves to avoid overlapping and/or contradictory rules. It is also extremely effective in avoiding conceptual gaps.