Design ISDP concept
Purpose
The ISDP concept creates the prerequisites for ensuring information security and data protection.
Basic idea
The ISDP concept completes the information security and data protection requirements. It includes a detailed risk analysis. The protection measures are defined.
HERMES-specific
The ISDP concept must be handled in accordance with the information protection requirements (especially if it is classified as CONFIDENTIAL or SECRET, it may be stored only in encrypted form).
Activities
-
Create a system description with the security-related components
-
Create a risk analysis, show how risks are addressed with overarching concepts and identify residual risks
-
Create the emergency concept and processing regulations, and record them in the ISDP concept
-
Coordinate the ISDP concept with the controlling and compliance bodies
Relationships
Module | Task | Task responsibility | Outcome | Involved in creation of outcome |
---|---|---|---|---|
Information security and data protection | Design ISDP concept | ISDP manager | ISDP concept | Operations manager, Application owner, IT-architect |