The i-doit add-ons from becon
Add-ons integrate into the i-doit data model and enable the extension with additional functions, interfaces and evaluation options.
Establishment of a security management system with risk analysis and management according to ISO 27001 with the popular add-ons ISMS and VIVA2.
Documentation of medical devices with the MedTec add-on.
Other add-ons: Azure, OTRS Connector, ScanIT and Trigger.
Our add-ons and service packages for i-doit
becon’s i-doit products are divided into add-ons, which are made available to the customer via a subscription, and service packages, which consist of a combination of services, best practices, templates and sometimes scripts.
Extensibility
becon add-ons from i-doit
The integration of i-doit pro add-ons opens up new possibilities for you to strengthen your system with additional functions, extended interfaces and enhanced evaluation options.
The ISMS Add-on
forms an extension of the i-doit CMDB for setting up an Information Security Management System (ISMS). At the same time, it ensures that the requirements of ISO27001 are met.
Functions
- Risk analysis and management within i-doit
- Supports the implementation according to ISO27005 and BSI IT-Grundschutz 200-3 as well as the implementation of industry-specific security standards (KRITIS)
- Import and management of threats, vulnerabilities and measures from external catalogues (ISO27001, BSI Grundschutzkompendium, B3S)
- Documentation of the implementation status of the selected measures
- Risk assessments directly on already documented objects or object groups
- Reporting and integration into the documents add-on
- Support of risk analyses of individual locations within a client
Risk analyses according to the ISO27001 standard are carried out directly in the CMDB
The ISMS Add-on provides security documentation management exactly where it belongs: Integrated into the IT documentation. This is because the IT documentation is the first to know which new components have been integrated or which changes have been made to the IT infrastructure. In order to manage the security assessment on a daily basis, the ISMS add-on enables risk recording and assessment directly on the objects (IT assets, object groups, services/business processes) in i-doit.
The VIVA2 Add-on
is a technically and content-wise modernized version of the VIVA add-on, which is based on the BSI IT-Grundschutz standards 200-1 and 200-2. Like the tried and tested VIVA add-on, the new VIVA2 supports you in setting up an information security management system (ISMS) in accordance with the BSI IT-Grundschutz methodology.
Functions
- Establishment of an ISMS according to BSI standards 200-1 and 200-2, seamlessly integrated into the CMDB
- Management of the building blocks from the BSI IT-Grundschutz Compendium
- Creation of reports and graphical overviews
- Documentation of the protection requirement with visual representation of the protection requirement inheritance
- Wizard-supported data migration from VIVA1 to VIVA2
IT-Grundschutz
The update of the BSI IT-Grundschutz methodology from 100-X to 200-X, published by the German Federal Office for Information Security in October 2017, also raises the establishment of information security management systems to a new level. To support this methodology, the proven VIVA add-on is available in a completely revised version. The add-on was not only revised in terms of content, but above all technically modernized. Like the tried and tested VIVA add-on, the new VIVA2 supports you in setting up an ISMS according to the IT-Grundschutz methodology.
The MedTec Add-on
ISO 80001 urges hospitals and medical facilities to comprehensively document their environment. In addition, medical devices such as MRI, CT and PACS are increasingly based on standard IT, leading to the merging of medical IT and technology IT. Both of these factors make it useful to document medical devices in a standard CMDB.
Functions
The MedTec add-on extends i-doit with object types for the documentation of medical devices. The German Institute for Medical Documentation and Information (DIMDI) provides the Universal Medical Device Nomenclature System (UMDNS), a catalogue for the classification of medical devices. i-doit in combination with the add-on MedTec is able to document these medical devices.
The OTRSC Add-on
stands for “OTRS Connector” and is – as the name suggests – an interface add-on for the bidirectional connection of i-doit and OTRS. This interface provides event-based synchronization of i-doit Config Items with OTRS ITSM, is generic and can be extended by any functionality thanks to a suitable module in OTRS.
Functions
Digitalization with its vassals Cloud Computing, DevOps, Big Data and IoT are driving up the complexity of IT infrastructures. Automated processes in the data center backend – such as the connection of the ticket system to the CMDB – help the IT experts to focus on the essential issues to support the business departments. Faults are assigned to the devices and services causing them, problems are solved more quickly and the handling for the helpdesk engineers is improved. With this add-on, i-doit can improve service quality by sustainably optimizing response times.
The Azure Add-on
The provisioning of virtual machines in the cloud is fully automated in many data centers all the way to the end user. Self-service portals enable developers and business users to retrieve resources with just a few clicks. Who wants to keep up with static documentation? I-doit is now comfortable in the dynamic world of IaaS and PaaS with this add-on. Mixed operation is possible: i-doit in your own data center or directly in the cloud – i-doit can always access the data of your Azure Cloud. You can also query other cloud products, making i-doit a comprehensive documentation solution that extends beyond the boundaries of your data center.
Functions
The AZURE add-on enables fully automated documentation of the resources used in the Microsoft Azure Cloud. Here, Azure API Management is used to read all the data of a VM into i-doit. In combination with the service package “i-doit IaC (Infrastructure as Code), i-doit can be automatically deployed in the cloud. As soon as the machine is booted, all defined resources (VMs, storage, etc.) are documented fully automatically.
The ScanIT Add-on
adds another data import option to i-doit. With the ScanIT add-on, you unify the i-doit CMDB into a fully integrated change process where data capture can be performed entirely via the mobile device. Information that cannot be captured automatically can be easily added to the inventory. It can be new objects to be created or simple category entries to be updated.
Functions
The ScanIT add-on creates efficient workflows in which data capture can be carried out entirely via the mobile device. The required data is entered into predefined lists in a user-friendly manner using a barcode scanner. Required information of existing objects can be preloaded locally via QR code scanner or search function and processed further. Subsequently, the created data sets are transferred to i-doit at the push of a button.
The Trigger Add-on
i-doit is often used as a passive database, mainly to log the ACTUAL state. But what if you want to launch IT processes from i-doit? Like creating a ticket, for example. Or automatically deploying a virtual machine using an Ansible script. With the new Trigger Add-on you can put your own triggers (URL’s or scripts) behind buttons, which are then displayed on the i-doit interface within an object type or category. Additionally, restrict the use of the buttons using the permission system.
Functions
With the Trigger add-on, web requests or shell scripts can be sent (triggered) manually from i-doit. Placeholders can be used to automatically fill the requests with values from the selected or active objects.
Possible Usecases:
- Send issues/requests to a service desk/ticket system
- Sync object data to other systems
- Call webhooks in Opencelium to implement more complex data transfers
- Send a downtime/maintenance window to monitoring
- Launching a Virtual Machine Deployment Script
The right to call a trigger can be configured individually for each trigger. The button configuration can be used to configure where the buttons for calling a trigger are displayed and which triggers are combined under a common call button.
Information Security Management System
The practical guide to the i-doit ISMS
Systems, applications and processes within organizations are becoming increasingly complex. This increases the attack surface that potential attackers and malware can exploit. The goal of information security is to keep this attack surface low and to protect corporate assets. The topic of security only gains importance in many companies when business-critical processes have been disrupted or financial damage has occurred. Most impacts can be averted with simple means or their scope can be drastically reduced. We would like to introduce you to these steps in the i-doit ISMS Practice Guide.
Request ISMS Whitepaper now
Couldn’t attend the i-doit Compliance Roundtable LIVE? No problem. We recorded the event for you.
Request recording from Compliance Roundtable
premium partner
becon is i-doit Premium Partner,Certified Support Partner and Development Partner of synetics GmbH and thus provides the all-round carefree package.
premium partner
becon is i-doit Premium Partner,Certified Support Partner and Development Partner of synetics GmbH and thus provides the all-round carefree package.
premium partner
becon is i-doit Premium Partner,Certified Support Partner and Development Partner of synetics GmbH and thus provides the all-round carefree package.
Execution of risk analyses according to ISO27001 standard with the i-doit add-on ISMS
User Story of Schweickert GmbH
The digital world undoubtedly has its challenges. Especially when it comes to managing sensitive information. Surely you know all too well about the risks involved. But how can you manage these risks effectively and efficiently without getting lost in a sea of Excel spreadsheets?
In our latest user story, Christian Berg, Security Consultant and Information Security Officer at Schweickert GmbH, presents a solution that addresses precisely this issue. In the user story, he reports on the decision-making process leading up to the use of the i-doit add-on ISMS and how the tool facilitates his work. With features such as the Tree-View, the ISMS Risk Matrix and a wealth of objects, he demonstrates how easy and cost-effective the implementation of an information security management system can be.
Request User Story now
Service Management
Thei-doit Compliance Suite gathers all important tools for your IT security in one place: CMDB, ISMS, data protection and change management
Security
In addition to the introduction of i-doit, we also support you with our experience during the audit preparation.
becon blog
More articles on this topic
Get in touch with us!
We look forward to hearing from you.
Do you have any questions or are you facing a particular challenge? Our dedicated team will be happy to provide you with a no-obligation consultation.