Information Security Officer (ISO)

CON.1

CON.1 Cryptographic Concept

Cryptography is a widely used means of ensuring information security with respect to the protection objectives of confidentiality, integrity and …

ISMS.1

ISMS.1 Security Management

(Information) security management refers to the planning, control, and oversight tasks required to establish and continuously implement a …

OPS.1.2.4

OPS.1.2.4 Telework

Telework refers to any activity supported by information and communications technology that is performed wholly or partly outside the premises and …

DER.2.1

DER.2.1 Security Incident Handling

To limit damage and prevent further harm, detected security incidents must be handled quickly and efficiently. To this end, a predefined and tested …

DER.2.2

DER.2.2 Precautions for IT Forensics

IT forensics is the strictly methodical analysis of data on storage media and in data networks to investigate security incidents in IT systems.

CON.3

CON.3 Data Backup Concept

Institutions store ever-increasing amounts of data and are simultaneously ever more dependent on it. If data is lost, e.g. due to defective …

ORP.3

ORP.3 Information Security Awareness and Training

Employees are an important success factor for a high level of information security in an institution. It is therefore important that they know the …

DER.3.1

DER.3.1 Audits and Revisions

Audits and revisions are fundamental to every successful information security management system (ISMS). Only if established security measures and …

DER.3.2

DER.3.2 Revisions Based on the IS Revision Guide

A special form of revision is the information security revision (IS revision) based on the document Information Security Revision - A Guide for IS …

DER.4

DER.4 Emergency Management

In emergencies, institutions must continue to be able to access information in order to restore a business process, an IT system, or a specialist …

ORP.4

ORP.4 Identity and Access Management

Access to an institution's protected resources must be restricted to authorised users and authorised IT components. Users and IT components must be …

SYS.4.1

SYS.4.1 Printers, Copiers, and Multifunction Devices

Modern printers, copiers, and multifunction devices are complex devices that, in addition to mechanical components, contain their own operating …

INF.5

INF.5 Room and Cabinet for Technical Infrastructure

A room for technical infrastructure contains technical components that rarely need to be operated directly on-site. However, they are indispensable …

CON.6

CON.6 Deletion and Destruction

Deletion and destruction constitute an essential component of the lifecycle of information on storage media. The term storage media in this building …

INF.6

INF.6 Storage Media Archive

Storage media archives are enclosed rooms within an institution in which storage media of all types are stored. These include not only storage media …

CON.7

CON.7 Information Security during International Travel

Work-related travel has become part of everyday life in many institutions. In order to be able to work outside the regular working environment, it …

INF.7

INF.7 Office Workplace

An office room is the area within an institution where one or more employees are present to carry out their tasks. This building block describes the …

CON.9

CON.9 Information Exchange

Information is transmitted between senders and recipients via different communication channels, such as personal conversations, telephone calls, …

INF.9

INF.9 Mobile Workplace

Good network coverage and powerful IT devices such as laptops, smartphones, or tablets enable employees to work from almost any location. This means …