Information security officer
The duties of the information security officer consist of the implementation, control and improvement of the information security management system (ISMS).
Duties of the Information Security Officer
Your information security officer ensures:
- Development and implementation of an information security management system (ISMS) in accordance with standards such as ISO 27001 / BSI basic protection
- Conducting risk analyses and identifying vulnerabilities
- Creating and updating security policies
- Advising on the creation of emergency plans
- Raising awareness and training your employees in dealing with cyber risks
- Monitoring and improving IT security measures
- Development and implementation of measures to defend against cyber attacks, including intrusion detection and prevention
- Conducting regular penetration tests and security audits
- Monitoring compliance with legal and regulatory requirements for IT security
- Advising on the selection and implementation of secure IT systems and technologies
- Support in investigating and managing security incidents (incident response)
When does it make sense for a company to appoint an information security officer?
In Germany, there is no general legal obligation for companies to appoint an information security officer (ISB). However, exceptions apply to companies that fall under the definition of critical infrastructure (KRITIS) and are regulated by the BSI Act (BSIG). According to Section 8a BSIG, KRITIS operators must take appropriate technical and organisational precautions to prevent disruptions to their IT systems.
To meet this requirement, there are various information security standards, some of which are sector-specific, such as ISO/IEC 27001, BSI Basic Protection and TISAX. As these standards require the appointment of an ISB, KRITIS operators are effectively required to appoint one.
In numerous companies, it is advisable to appoint an information security officer or consult one; for operators of critical infrastructure, this is mandatory.
My certifications in the information security field
- ITSiBe / CISO according to ISO 27001 and BSI IT-Grundschutz [BREDEX GmbH]
- ISMS in practice – setup, implementation, operation & audit [BREDEX GmbH]
- Lead Auditor ISO 27001 [DGI Deutsche Gesellschaft für Informationssicherheit AG]
- Lead Auditor ISO 22301 Business Continuity Management [BSI Group]
- Business Continuity Manager (BCM) according to ISO 22301, ISO 27031 and BSI IT-Grundschutz [BREDEX GmbH]
- Qualified IT Risk Manager according to ISO 31000 / ONR 49003 [DGI Deutsche Gesellschaft für Informationssicherheit AG]
- Additional testing procedure expertise for Section 8a BSIG [KPMG | Bitkom Akademie]
- Microsoft Cloud Security Expert [Bitkom Academy]
- AI Compliance Officer [Bitkom Academy]