SRG SSR commissioned FLYING EYE with the security and efficiency testing of different systems and processes in the RSI broadcasting channel in order to identify security weaknesses and optimise processes.

We produced a criteria catalogue as a basis for an objective analysis of IT security and also the efficiency of the processes in the channel according to which assessments are carried out. In doing so, we used the IT security management framework as a basis for analysing IT security as part of the IT security management for ISO/IEC 27001 and 27002, supplemented with the latest state of technology in accordance with the BSI basic protection catalogue.

Due to the criteria catalogue, we carried out the analysis of IT security in the form of on-site interviews. The analysis of process efficiency took place in the form of workshops with stakeholders from various areas. In addition, we checked access, the technical documentation of the system setup for the transmission, documents and guidelines of the transmitter on security aspects and also the process documentation of IT operations.

The weak spots identified as part of the IT security audit (findings) were provided with concrete measure proposals, prioritisations and a qualitative estimation of time and effort for implementation. In addition to this, we produced and presented a management summary for the management level.

For the efficiency operating point, we defined TARGET processes with the corresponding improvements and co-ordinated these with the stakeholders. Documentation was done in the form of BPMN diagrams.

Through our work, IT security leaks in SRG SSR’s SRI channels have been successfully closed and efficiency in processes optimised.

Contact: Mike Christmann