Subject Matter Experts
CON.1 Cryptographic Concept
Cryptography is a widely used means of ensuring information security with respect to the protection objectives of confidentiality, integrity and …
DER.1 Detection of Security-Relevant Events
To protect IT systems, security-relevant events must be detected and handled in a timely manner. To achieve this, institutions must plan, implement, …
OPS.1.1.3 Patch and Change Management
It is a major challenge to update the IT components deployed in an institution correctly and in a timely manner. In practice, it is evident that …
OPS.1.1.5 Logging
To ensure reliable IT Operations, IT systems and applications should log either all or at least selected operationally and security-relevant events, …
OPS.1.1.6 Software Testing and Approvals
The use of IT in institutions requires that automated data processing functions as error-free as possible, since the individual results can in most …
OPS.1.2.2 Archiving
Archiving plays a special role in the document management process. On the one hand, it is expected that digital documents will be available until the …
APP.1.4 Mobile Applications (Apps)
Smartphones, tablets, and similar mobile devices are now widespread even in government agencies and companies. Employees can access the institution's …
APP.2.1 General Directory Service
A directory service makes information about any objects available in a defined manner within a data network. An object can store associated …
DER.2.1 Security Incident Handling
To limit damage and prevent further harm, detected security incidents must be handled quickly and efficiently. To this end, a predefined and tested …
APP.2.2 Active Directory Domain Services
Active Directory (AD) is a collective term for various server roles developed by Microsoft for Windows Server. The server role Active Directory Domain …
DER.2.2 Precautions for IT Forensics
IT forensics is the strictly methodical analysis of data on storage media and in data networks to investigate security incidents in IT systems.
OPS.2.2 Cloud Use
Cloud computing refers to the demand-driven provision, use, and billing of IT services over a network. The range of services offered within the …
OPS.2.3 Use of Outsourcing
In outsourcing, institutions (outsourcing users) outsource business processes or activities wholly or partly to one or more external service companies …
CON.3 Data Backup Concept
Institutions store ever increasing amounts of data and are simultaneously ever more dependent on it. If data is lost, e.g. due to defective …
APP.3.2 Web Servers
A web server is the core component of every web offering; it receives requests from clients and returns the corresponding content. Data is typically …
NET.4.1 PBX Systems
A private branch exchange (PBX), i.e. an institution's own telecommunications system, can connect the institution's telephones internally and externally connect them to a public …
APP.4.3 Relational Databases
Database systems (DBS) are a frequently used tool to organize, create, modify, and manage large collections of data with IT support. A DBS consists …
NET.4.3 Fax Machines and Fax Servers
This building block examines the security aspects of transmitting information via standard fax machines and fax servers. The transmitted information …
SYS.4.5 Removable Storage Media
Removable storage media are often used to transport data, store it, or access it while mobile. Removable storage media include external hard drives, …
APP.6 General Software
This building block encompasses all software under the term General Software, regardless of whether it is a word processor, an operating system, a …
CON.6 Deletion and Destruction
Deletion and destruction constitute an essential component of the lifecycle of information on storage media. The term storage media in this building …
APP.7 Development of Custom Software
Many institutions face challenges that they can no longer adequately address with off-the-shelf software. The tasks associated with these challenges …
CON.8 Software Development
Many institutions face challenges that can no longer be adequately addressed with a finished, unadapted software product. They require software …
CON.9 Information Exchange
Information is transmitted between senders and recipients via different communication channels, such as personal conversations, telephone calls, …
INF.11 General Vehicle
Institutions use a wide variety of vehicles for short and long distances in many situations. In the context of this building block, vehicles are …
INF.12 Cabling
Proper and standards-compliant cabling is the foundation for secure IT operations. A fundamental distinction must be made between electrotechnical …