Information Security

Information security is a necessity in today’s corporate environment and needs to be managed. The requirements are based on the corporate context (industry, customer requirements, legal and standard requirements and the risk environment).

In addition to the acute risk of breaking the confidentiality, availability and integrity of information, there are three main challenges to overcome:

Challenge 1: Complexity of topics

Information security not only affects “the servers” or “the PC”, it basically affects the subject areas

  • technical
  • organizational
  • physical

and need to be coordinated and controlled.

Challenge 2: Documentation effort

Due to the complexity of the information security documentation is essential but often outdated or incomplete due to the daily work load. This leads to

  • aggravated error / incident handling
  • Audit findings
  • additional problems in case of emergency


Challenge 3: Different target audience

Requirements and measures must be regularly proven to different interest groups:

  • employees
  • customer
  • auditors