We continuously accept risks in data protection and IT security
As a matter of principle, and as a sweeping statement, we have to agree with the assertion that data protection and security mean cost and hindrance. Costs rise when we configure our firewall extensively, they rise when we buy and deploy encryption software, and they rise when we buy virus protection programs; employee training costs money; and so on. Of course it hinders my work when, because of rights restrictions, I can only get the information I need by way of detours, or a colleague has to obtain it for me. Of course it is an obstacle if I have to pick up visitors at the gate. It is embarrassing to have to think about which information I may pass on to others and which I may not. And so on.
These lists could be continued indefinitely, but we only want to illustrate the problem and will leave it at these examples. What matters to us is developing approaches that resolve the cost-and-hindrance dilemma of data protection and security in a sensible way. Every CIO (it does not even have to be the information commissioner or the IT security officer) is fully aware that effort must be made in both areas so that valuable information is not exposed to unauthorized access, so that we behave compliantly, and so on. Installing a safeguard here, another one there, and perhaps implementing yet another somewhere else tomorrow involves minimal cost and minimal hindrance, but overall it does not lead to the goal. Surely the goal is to achieve a particular level of protection while minimizing cost and hindrance. This definition is permissible.
What should we do? Only a complete data protection and IT security concept leads to the goal. But that is exactly the problem; see the heading. We try to feel our own way toward an acceptable solution. What does our habit of building protective barriers here and there imply? It implies that we unconsciously(!) accept risks that we have not thought about. With this realization we are on a good, goal-directed path, because the next question must now be: which risks are absolutely unacceptable to us? The answer to the question “Which unacceptable risks affect our valuable information?” is the solution! By identifying the unacceptable risks (we define what is acceptable and unacceptable!) we can balance cost and hindrance against the need for security.
You do not know the risks? That is not a problem, because we know most of the risks that “act on IT”; there are about 650. We have rated them on five probability levels and five damage levels and assigned IT security measures to this classification. We have carried the classification of the risks into “red, yellow, green” over to the IT security measures accordingly and now know which of them must necessarily be implemented. If there are still too many measures, we only need to raise our acceptance criteria, and we immediately reduce cost and hindrance. Here is the solution: px.vc/blw38. We wish you many positive findings.
Gerhard Kron
Crown soft E.k.
10 D Schiller Strasse, 66564 Ottweiler
Phone: +49 6858 6370, Fax: +49 6858 6371, Support: +49 6858 600237
Amtsgericht Saarbrucken HRA 8980, UST-ID: DE 138029324, STN: 030-124-06828
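The rating scheme described above, as an added Python example that is not part of the original article or of the vendor's tool: risks rated on five probability and five damage levels, coloured red, yellow or green, with the colour carried over to the measures. The register entries, the score (probability times damage), the two thresholds and the rule that a measure takes the colour of the worst risk it treats are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    name: str
    probability: int  # 1 (rare) .. 5 (almost certain)
    damage: int       # 1 (negligible) .. 5 (existential)
    measures: tuple   # safeguards that treat this risk

# Constructed sample register; the catalogue of about 650 risks is not reproduced.
REGISTER = [
    Risk("ransomware on file server", 4, 5, ("offline backups", "access rights review")),
    Risk("laptop lost while travelling", 3, 4, ("disk encryption",)),
    Risk("unescorted visitor in office", 2, 3, ("visitor escort",)),
    Risk("former employee account still active", 3, 3, ("access rights review",)),
    Risk("printout left on shared printer", 2, 1, ("pull printing",)),
]
RANK = {"green": 0, "yellow": 1, "red": 2}

def classify(risk, accept_up_to, tolerate_up_to):
    """Colour one risk. Assumed score: probability * damage (range 1..25)."""
    for level in (risk.probability, risk.damage):
        if not 1 <= level <= 5:
            raise ValueError(f"{risk.name}: levels must be between 1 and 5")
    score = risk.probability * risk.damage
    if score <= accept_up_to:
        return "green"      # accepted consciously, no measure forced
    if score <= tolerate_up_to:
        return "yellow"
    return "red"            # unacceptable, measures are mandatory

def required_measures(register, accept_up_to, tolerate_up_to):
    """Carry risk colours over to measures; a measure keeps its worst colour."""
    if accept_up_to > tolerate_up_to:
        raise ValueError("acceptance threshold must not exceed tolerance threshold")
    colour = {}
    for risk in register:
        c = classify(risk, accept_up_to, tolerate_up_to)
        for m in risk.measures:
            if m not in colour or RANK[c] > RANK[colour[m]]:
                colour[m] = c
    # Measures that only treat accepted (green) risks drop out of the plan.
    return {m: c for m, c in colour.items() if c != "green"}

if __name__ == "__main__":
    for label, thresholds in (("strict", (4, 11)), ("relaxed", (9, 14))):
        plan = required_measures(REGISTER, *thresholds)
        print(label, len(plan), "measures:", plan)
```

Raising the acceptance threshold from 4 to 9 removes the visitor escort from the plan, while the access rights review stays mandatory because it also treats a red risk.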