Design ISDP concept
Purpose
The ISDP concept creates the prerequisites for realizing and transferring the requirements for information security and data protection.
Basic idea
The ISDP concept completes the information security and data protection requirements. It includes a detailed and in-depth risk analysis. The protection measures are defined.
HERMES specific
The IDSP concept is based, firstly, on the study and protection needs analysis outcomes developed in the initiation phase and, secondly, on the organizational and solution requirements outcomes. It must be handled in accordance with the requirements of the core organization concerning information protection.
Activities
- Create a system description with the security-related components.
- Create a risk analysis, show how risks are addressed with overarching concepts, and identify residual risks.
- Create the emergency concept and processing regulations, and record them in the ISDP concept.
- Coordinate the ISDP concept with the controlling and compliance bodies.
Results
Relationships
| Module | Task | Task responsibility | Outcome | Involved in creation of outcome |
|---|---|---|---|---|
| ISDP | Design ISDP concept | ISDP manager | ISDP concept | ISDP manager, Operations manager, IT architect |