Information security

Programm

• 9.15 am – 1.00 pm

  Tasks of the Information Security Officer

  ---

  Overview of the range of tasks: Interlocking IT strategy, information security and information risk management

  ---

  Efficient communication and interface management with outsourcing, data protection and compliance officers

  ---

   You need to know these “red lines”: Minimum requirements from BAIT, KAIT, VAIT, ZAIT, DIN EN ISO 2700x and BSI-Grundschutz in an audit-proof manner.

  ---

  Introduction of the information security guideline with processes for identification, protection, detection, response and recovery

  ---

  Establishment of an audit-proof management reporting system

  ---

  Risk analysis to determine the need for IT protection

  ---

  Risk analysis in information management

  ---

  Implementation of the qualitatively tightened risk analysis on the basis of uniform scoring criteria

  ---

  Assessment of the need for protection with regard to the goals of Integrity, availability, confidentiality and authenticity

  ---

  Benchmarks for drawing up the catalogue of target measures and deriving the risk-reducing measures

  ---

  Steering and control activities and their implementation

• 2.00 pm – 5.00 pm

  Ongoing monitoring duties of the information security officer

  ---

  New requirements for monitoring, control and reporting obligations

  ---

  The focus on agility places high demands on user Authorisation management

  ---

  Ad hoc reporting on significant IT projects and
  IT project risks to the management

  ---

  Mapping of significant project risks in risk management

  ---

  New requirements for control and reporting obligations of the IT service provider and the outsourcing officer

  ---

  Establish appropriate processes for IT application development

  ---

  Delimit outsourcing and other external procurement of IT services in an auditable manner

  ---

  Data protection concept of the ISB versus deletion concept of the DPO