News from Syngenity®

Information on information security, cybersecurity, data protection and Syngenity! In an increasingly digitalized world, these topics are more important than ever. Here you will find the latest news on the security of your digital data.

Visit our site regularly and always stay one step ahead when it comes to your digital security.

Basic protection ++

BSI Grundschutz++ represents a consistent further development of the proven IT baseline protection and marks an important step towards modern, resilience-oriented cybersecurity governance. For many years, the classic BSI basic protection has been regarded as a reliable basis for information security in German organizations.

Audit Tips Vol. 5: Understanding controls: The purpose counts
In many companies, internal controls are carefully documented. They record who carries them out, how often they take place, which systems are used and which procedures are to be followed. These descriptions are important, but they fall short if they only describe the execution of a control. One crucial element is often missing: the reason why the control exists in the first place. Without this explanation, a control remains abstract and loses a significant part of its usefulness.

Myth 3: Risk assessment without practical benefit

ISO 27001: Myth vs. reality – Myth 3: Risk assessment is a purely theoretical step with no practical benefit
In many organizations, the assumption persists that although risk assessment as part of ISO 27001 is a necessary documentation requirement, it offers little real added value for day-to-day activities. This step is often seen as a kind of theoretical exercise that ends in tables, evaluation matrices or abstract criteria. However, this view significantly underestimates the central importance of risk assessment. While the risk analysis merely describes which risks exist and how they arise, it is the risk assessment that turns this collection of information into an action-oriented tool.

Audit Tips Vol. 4 Audit Readiness

Audit Tips Vol. 4: Audit Readiness
Audit readiness is not a one-off task, but an ongoing component of effective corporate management. Nevertheless, many organizations still treat audits as an exceptional annual event. When the audit is suddenly on the doorstep, a...

Internal audit vs. external audit

Internal audit vs. external audit – why both are critical to a strong governance framework
Organizations today face a growing number of regulatory requirements, increasing security risks and ever more complex business processes. In this environment, audits play a central role in building trust, creating transparency and ensuring long-term organizational resilience. However, it is often underestimated how different internal and external audits are and what contribution both make to a robust governance framework. They complement each other in their impact and together offer companies a comprehensive view of effectiveness, security and compliance.

Myth 2: Risk assessment is only a formal audit point

ISO 27001: Myth vs. reality – Myth 2: The risk assessment is just a formal audit point
In many companies, the idea persists that the risk assessment according to ISO 27001 is primarily a formal part of certification. Some organizations regard the risk assessment as a one-off mandatory task that must be completed before the audit in order to achieve certification. Once the certificate has been issued, the topic often loses attention in practice. However, this myth leads to significant misinterpretation of the standard and can compromise the effectiveness of the overall information security management system.

How ISO/IEC 27701, 27001 and 27002 work together

Strengthening data protection and information security: How ISO/IEC 27701, 27001 and 27002 work together
Today, many organizations are faced with the challenge of no longer viewing information security and data protection as separate disciplines, but rather as closely interlinked elements of a uniform management system. While information security primarily regulates technical and organizational protective measures for systems, data and processes, data protection places additional demands on transparency, legal bases, data subject rights and the responsible handling of personal information. These two perspectives are becoming increasingly intertwined and form the basis for a holistic level of security and data protection. The ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27701 standards provide a coherent, internationally recognized foundation for this.

Centralize audit evidence

Managing audit evidence is one of the central tasks of an effective information security management system. Nevertheless, many companies find that this area is often underestimated. Evidence is scattered in emails, personal folders, ticket systems, departmental drives or in different versions on SharePoint or Confluence. This decentralized storage not only leads to confusion, but also poses considerable risks in terms of compliance, traceability and efficiency. This becomes particularly clear when an external audit is due and everyone involved has to compile evidence under time pressure. It often turns out that documents are missing, out of date or cannot be clearly assigned.

Audit Tips

Audits don’t have to be stressful. With small, regular steps, you can create transparency, save time and strengthen the trust of your stakeholders. Start a simple routine today – your next audit will be predictable and easy to plan.

Pitfalls with ISO 27001

Implementing an information security management system (ISMS) in accordance with ISO 27001 is an important step for many companies to systematically improve their information security and meet compliance requirements. However, despite the clear structure and proven approach provided by the standard, typical pitfalls often occur during implementation. These can jeopardize the success of the project, delay the certification process or, in the worst case, result in certification not being granted.