Mainzer Stadtwerke is the service provider for the electricity, water, and gas supply of the city of Mainz. The transport company department is also responsible for the city’s public transport. These basic services are an important part of a city or municipality. Mainzer Stadtwerke has been using the services of TreeSolution for several years and has been training its employees with various e-learning courses.
City of Mainz in Germany
Ongoing since 2017
Awareness strategy, surveys with the Security Awareness Radar®, e-learning, individually developed training courses.
Security awareness strategy
At the beginning of the collaboration. The strategy serves as a starting point for the design, development, and implementation of effective and targeted awareness programs through to the evaluation of the programs.
Security awareness survey
At the beginning of the collaboration.
Awareness training topics
Use of the entire TreeSolution topic portfolio. Creation of specific courses in the area of project procurement, performance accountability and various compliance topics.
To start, a specific awareness strategy was created as the basis for collaboration. This strategy is the ongoing reference for information security actions and ensures an efficient and goal-oriented approach. The strategy also makes a fundamental contribution to fostering a security culture.
At the beginning of the collaboration, the Security Awareness Radar® was used to measure the current status of the information security culture in the entire Mainzer Stadtwerke group. The result was targeted employee training. Existing e-learnings in all the subject areas meant that training was already available for the priority topics. Additional e-learning courses were developed especially for the requirements of Mainzer Stadtwerke and for optimal integration of the company's specific user guidelines into the training material.
Since the Mainzer Stadtwerke group is part of the critical infrastructure, it has a legal obligation to meet requirements in the areas of corporate governance, data protection and IT security law, and aspects of criminal law. Furthermore, the normative requirements DIN ISO/IEC 27001 and DIN ISO/IEC 27002 must be included in the planning and implementation.
The awareness strategy that was created contains detailed instructions, which can be used as a starting point for the design, development, and implementation of effective and targeted awareness programs through to the evaluation of the programs. It refers to the legal and regulatory requirements and provides a basis for fulfilling them.
To build a security culture that is part of everyday work life, all employees should take responsibility for security in their working environment and act appropriately when handling data and information.
Areas of collaboration between Mainzer Stadtwerke and TreeSolution included the following:
A holistic approach was taken in the support for the creation of the information security management system (ISMS) and the security program. Output included a comprehensive document on which the training courses could be based. The document serves as the basis for the security culture and to promote the “human firewall.”
The results of the Security Awareness Radar® provided a detailed picture of information security and security awareness among employees. It became apparent which topics and target groups had to be given priority training in order to increase security awareness in the company and to anchor information security in the corporate culture. This knowledge was incorporated into the information security strategy and training material.
The provision of the training material by TreeSolution allowed demands on the scarce time resources of Mainzer Stadtwerke to be kept to a minimum.
Alternative solutions had to be found for the training of employees who did not have access to a PC. This challenge was also mastered, resulting in optimal training of these employees and their inclusion in the measurement survey.
The extensive training material consisting of more than 15 topics enabled in-depth training of the employees. Through additional, individually created modules specific to Mainzer Stadtwerke, topics could be presented to the employees in an even more targeted manner, thus further reducing the risks.
The training and measures were well received by the employees and could be implemented and applied in everyday work. As an employee put it in the measurement survey:
“I consider regular training/instructions on security, like those for occupational safety and fire protection instructions, as necessary to stay up-to-date and to provide all those involved with comprehensive information.”
Mainzer Stadtwerke Employee
Employees must complete refresher courses every year, with new topics being added regularly. New employees are also given extensive training at the start of their employment.
The training actions based on the overall program can also be used as proof for ISO certification and annual re-certification.
All measures planned and implemented to date promote a security-conscious corporate culture and thus contribute to the “human firewall.” Through holistic and continuous training over a longer period of time, knowledge about information security is constantly expanded and strengthened in the security culture.
The training material is regularly updated to keep it current and is expanded with additional training courses.
In the future, suppliers are also to be involved in the training courses, and another survey is to be carried out using the Security Awareness Radar®.