Information security is a necessity in today’s corporate environment and needs to be managed. The requirements are based on the corporate context (industry, customer requirements, legal and standard requirements and the risk environment).
In addition to the acute risk of compromising the confidentiality, availability and integrity of information, there are three main challenges to overcome:
Challenge 1: Complexity of topics
Information security affects not only “the servers” or “the PC”; it spans the following subject areas:
- technical
- organizational
- physical
These areas need to be coordinated and controlled.
Challenge 2: Documentation effort
Because information security is complex, documentation is essential, but it is often outdated or incomplete because of the daily workload. This leads to:
- more difficult error / incident handling
- audit findings
- additional problems in case of emergency
Challenge 3: Different target audiences
Requirements and measures must be regularly demonstrated to different interest groups:
- employees
- customers
- auditors