Abstract:

The digitization of business models and processes within the management systems of companies is to be understood as the operationalization of the Statement of Applicability (SoA). For this purpose, the quality of measures must be integrated and optimized in the adjustment processes while observing governance and compliance. Due to the diverse software systems, changes of the workflow processes during activities are becoming more complex in terms of content and require adequate IT security standards to protect against attacks on the IT infrastructure. For the energy network and energy system operators, the core requirements for maintaining the protection objectives are required by the legal framework. In addition, the target definitions of the market players in telecommunications services must also be considered. For this, it is advisable for the actors to expand the previous model of information processing to include the protection objectives.

The aim here is on the optimized establishment of information security by comparing the corresponding measures for process optimization. Only then there is the possibility of an agile change management. With the establishment of an information security management system (ISMS), the processes lead to a secure exchange of information. For this purpose, an agile maturity model related to the digitization of processes in compliance with the protection objectives for information security and data protection must be developed and the interaction of the processes must be modelled. The risk management process (RMP) of the ISMS is mostly limited to static threat catalogues and one-time risk assessments for the area of application, whereby mainly general measures for risk handling are derived. Due limited perspectives, relevant risks are out of focus and can lead to a high risk taking. A company-wide framework for information security and data protection forms the basis of a common security technology and enables the administration of security-relevant measures.