DER
DER.1 Detection of Security-Relevant Events
To protect IT systems, security-relevant events must be detected and handled in a timely manner. To achieve this, institutions must plan, implement, …
DER.2.1 Security Incident Handling
To limit damage and prevent further harm, detected security incidents must be handled quickly and efficiently. To this end, a predefined and tested …
DER.2.2 Precautions for IT Forensics
IT forensics is the strictly methodical analysis of data on storage media and in data networks to investigate security incidents in IT systems.
DER.2.3 Remediation of Extensive Security Incidents
Advanced Persistent Threats (APTs) are targeted cyber attacks on selected institutions and organizations. Attackers gain persistent access to a …
DER.3.1 Audits and Revisions
Audits and revisions are fundamental to every successful information security management system (ISMS). Only if established security measures and …
DER.3.2 Revisions Based on the IS Revision Guide
A special form of revision is the information security revision (IS revision) based on the document Information Security Revision - A Guide for IS …
DER.4 Emergency Management
In emergencies, institutions must continue to be able to access information in order to restore a business process, an IT system, or a specialist …