{"id":15442,"date":"2024-09-16T14:20:00","date_gmt":"2024-09-16T12:20:00","guid":{"rendered":"https:\/\/oberender.com\/unkategorisiert\/information-security-part-2-the-organization\/"},"modified":"2024-10-07T12:18:58","modified_gmt":"2024-10-07T10:18:58","slug":"information-security-part-2-the-organization","status":"publish","type":"post","link":"https:\/\/oberender.com\/en\/blog-en\/information-security-part-2-the-organization\/","title":{"rendered":"Information Security Part 2 &#8211; The Organization"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">In this article, we look at the organization in the context of information security management.\nAs with all management systems that apply the PDCA (Plan-Do-Control-Act) cycle in any way, it takes people to embark on the journey. <\/p>\n\n<h3 class=\"wp-block-heading\" id=\"h-die-moglichkeiten-der-organisation-sind-vielfaltig\">The possibilities for organization are manifold<\/h3>\n\n<p class=\"wp-block-paragraph\">If you look at the different standards, there is a great deal of scope for mapping the topic in the organization:<\/p>\n\n<ul class=\"wp-block-list\">\n<li><strong> ISO 27001:2024<\/strong> requires a <strong>clear organization<\/strong>, but leaves the design up to the company<\/li>\n\n\n\n<li><strong>ISO 27779:2016<\/strong>, which has been specially adapted for the healthcare sector, requires <strong>at least one person<\/strong> who is professionally qualified or has received appropriate training from the company management<\/li>\n\n\n\n<li>In <strong>basic protection <\/strong>(2023, module ISMS.1.A4) and the B3S standard (ANF-MN 8), the appointment of an <strong>information security officer <\/strong>is a MANDATORY requirement<\/li>\n\n\n\n<li>The American NIST-SP800 standards also specify the appointment of an <strong>Information Security Officer<\/strong> (NIST SP800-53r5 Control PM-2)<\/li>\n\n\n\n<li>The various standards also call for various staff and responsible persons, albeit 
mainly as target specifications<\/li>\n<\/ul>\n\n<h3 class=\"wp-block-heading\" id=\"h-unterschiedliche-schwerpunkte-der-verschiedenen-standards\">Different focuses of the various standards<\/h3>\n\n<p class=\"wp-block-paragraph\">While COBIT places particular emphasis on anchoring in the organization and alignment with the corporate strategy, basic protection focuses strongly and in detail on the technical infrastructure.<\/p>\n\n<p class=\"wp-block-paragraph\">These degrees of freedom are understandable, as a laboratory with 50 employees does not have the economic and organizational resources of a university hospital with 18,000 employees or a multinational company that falls within the scope of various laws.\nThe organization of information security management must be able to adapt to the company and its objectives.<\/p>\n\n<h3 class=\"wp-block-heading\" id=\"h-also-was-brauchen-sie\">So, what do you need?<\/h3>\n\n<ul class=\"wp-block-list\">\n<li>In a <strong>hospital<\/strong>, you need an <strong>information security officer<\/strong> in any case; this follows from the B3S standard or, more precisely, \u00a7391 para. 4 SGB V. The information security officer (ISB) can be employed internally or contracted externally, but must be professionally qualified and be given the time and resources for the work by the company.\nIn other healthcare companies, whether an ISB is required depends on whether there is an industry standard and whether the company is above or below the KRITIS threshold.\nIn principle, it is always advisable to consider appointing an ISB.<\/li>\n\n\n\n<li>As an interface to the organization, it is a good idea to <strong>form a team<\/strong> that deals with the topic of information security.\nThe team should be made up of members of the relevant professional groups.\nThe <strong>data protection officer<\/strong> should also be involved.
<\/li>\n\n\n\n<li>In small organizations in particular, you can consider assigning the task to existing staff or teams or combining tasks, for example a crisis team and an information security team.<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">As you can see, there is a lot of <strong>room for manoeuvre<\/strong> in the organization of information security as long as you are not a KRITIS company.\nBut it has to be done, so give those responsible the space to do so. <\/p>\n\n<p class=\"wp-block-paragraph\">The next posts will focus on the content work and we&#8217;re going full risk! <br\/>Click here for the <a href=\"https:\/\/oberender.com\/en\/blog-en\/information-security-part-3-information-inventory-and-risk-management\/\">article <strong>&#8220;Information inventory and risk management&#8221;<\/strong><\/a>, part 3 of our blog series.<\/p>\n\n<h3 class=\"wp-block-heading\" id=\"h-cyber-risiko-check-ein-neues-angebot-der-oberender-ag\">Cyber risk check &#8211; a new service from Oberender AG<\/h3>\n\n<p class=\"wp-block-paragraph\">Do you want to know where you stand in terms of information security right now?\nGreat &#8211; then let&#8217;s do the <strong>cyber risk check<\/strong> together.\nYou can find more information <a href=\"\">here<\/a>.  
<\/p>\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Read this blog post to find out how you can best organize the topic of information security in your company.<\/p>\n","protected":false},"author":5,"featured_media":15362,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[62,220,64],"tags":[152,223,148,222,225,117],"class_list":["post-15442","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-en","category-data-security","category-digitisation","tag-consultant","tag-cyber-security-en","tag-hospital","tag-information-security","tag-organization","tag-public-health"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.8 (Yoast SEO v27.8) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Information Security Part 2 - The Organization - Oberender AG<\/title>\n<meta name=\"description\" content=\"There is a lot of leeway when it comes to organizing information security. In this article, we explain what is right for your company.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/oberender.com\/en\/blog-en\/information-security-part-2-the-organization\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Information Security Part 2 - The Organization - Oberender AG\" \/>\n<meta property=\"og:description\" content=\"There is a lot of leeway when it comes to organizing information security. 
In this article, we explain what is right for your company.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/oberender.com\/en\/blog-en\/information-security-part-2-the-organization\/\" \/>\n<meta property=\"og:site_name\" content=\"Oberender AG\" \/>\n<meta property=\"article:published_time\" content=\"2024-09-16T12:20:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-10-07T10:18:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/oberender.com\/wp-content\/uploads\/iStock-1169668297.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2124\" \/>\n\t<meta property=\"og:image:height\" content=\"1412\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ursula Lauterbach\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ursula Lauterbach\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/oberender.com\\\/en\\\/blog-en\\\/information-security-part-2-the-organization\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/oberender.com\\\/en\\\/blog-en\\\/information-security-part-2-the-organization\\\/\"},\"author\":{\"name\":\"Ursula Lauterbach\",\"@id\":\"https:\\\/\\\/oberender.com\\\/en\\\/#\\\/schema\\\/person\\\/6d858500dcc179abc6e781d3d95329b3\"},\"headline\":\"Information Security Part 2 &#8211; The Organization\",\"datePublished\":\"2024-09-16T12:20:00+00:00\",\"dateModified\":\"2024-10-07T10:18:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/oberender.com\\\/en\\\/blog-en\\\/information-security-part-2-the-organization\\\/\"},\"wordCount\":532,\"publisher\":{\"@id\":\"https:\\\/\\\/oberender.com\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/oberender.com\\\/en\\\/blog-en\\\/information-security-part-2-the-organization\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/oberender.com\\\/wp-content\\\/uploads\\\/iStock-1169668297.jpg\",\"keywords\":[\"Consultant\",\"cyber-security\",\"Hospital\",\"Information security\",\"Organization\",\"Public Health\"],\"articleSection\":[\"Blog\",\"Data security\",\"Digitisation\"],\"inLanguage\":\"en-US\",\"copyrightYear\":\"2024\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/oberender.com\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/oberender.com\\\/en\\\/blog-en\\\/information-security-part-2-the-organization\\\/\",\"url\":\"https:\\\/\\\/oberender.com\\\/en\\\/blog-en\\\/information-security-part-2-the-organization\\\/\",\"name\":\"Information Security Part 2 - The Organization - Oberender 
AG\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/oberender.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/oberender.com\\\/en\\\/blog-en\\\/information-security-part-2-the-organization\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/oberender.com\\\/en\\\/blog-en\\\/information-security-part-2-the-organization\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/oberender.com\\\/wp-content\\\/uploads\\\/iStock-1169668297.jpg\",\"datePublished\":\"2024-09-16T12:20:00+00:00\",\"dateModified\":\"2024-10-07T10:18:58+00:00\",\"description\":\"There is a lot of leeway when it comes to organizing information security. In this article, we explain what is right for your company.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/oberender.com\\\/en\\\/blog-en\\\/information-security-part-2-the-organization\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/oberender.com\\\/en\\\/blog-en\\\/information-security-part-2-the-organization\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/oberender.com\\\/en\\\/blog-en\\\/information-security-part-2-the-organization\\\/#primaryimage\",\"url\":\"https:\\\/\\\/oberender.com\\\/wp-content\\\/uploads\\\/iStock-1169668297.jpg\",\"contentUrl\":\"https:\\\/\\\/oberender.com\\\/wp-content\\\/uploads\\\/iStock-1169668297.jpg\",\"width\":2124,\"height\":1412,\"caption\":\"Network security concept. Cyber protection. 
Anti virus software.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/oberender.com\\\/en\\\/blog-en\\\/information-security-part-2-the-organization\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\\\/\\\/oberender.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Information Security Part 2 &#8211; The Organization\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/oberender.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/oberender.com\\\/en\\\/\",\"name\":\"Oberender AG\",\"description\":\"Ihr Partner im Klinikmanagement.\",\"publisher\":{\"@id\":\"https:\\\/\\\/oberender.com\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/oberender.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/oberender.com\\\/en\\\/#organization\",\"name\":\"Oberender AG\",\"url\":\"https:\\\/\\\/oberender.com\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/oberender.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/oberender.com\\\/wp-content\\\/uploads\\\/171218_Oberender_RGB.png\",\"contentUrl\":\"https:\\\/\\\/oberender.com\\\/wp-content\\\/uploads\\\/171218_Oberender_RGB.png\",\"width\":769,\"height\":186,\"caption\":\"Oberender AG\"},\"image\":{\"@id\":\"https:\\\/\\\/oberender.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/oberender-ag\\\/\",\"https:\\\/\\\/www.xing.com\\\/pages\\\/oberenderag\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/oberender.com\\\/en\\\/#\\\/schema\\\/person\\\/6d858500dcc179abc6e781d3d95329b3\",\"name\":\"Ursula Lauterbach\"}]}<\/script>\n<!-- \/ 
Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Information Security Part 2 - The Organization - Oberender AG","description":"There is a lot of leeway when it comes to organizing information security. In this article, we explain what is right for your company.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/oberender.com\/en\/blog-en\/information-security-part-2-the-organization\/","og_locale":"en_US","og_type":"article","og_title":"Information Security Part 2 - The Organization - Oberender AG","og_description":"There is a lot of leeway when it comes to organizing information security. In this article, we explain what is right for your company.","og_url":"https:\/\/oberender.com\/en\/blog-en\/information-security-part-2-the-organization\/","og_site_name":"Oberender AG","article_published_time":"2024-09-16T12:20:00+00:00","article_modified_time":"2024-10-07T10:18:58+00:00","og_image":[{"width":2124,"height":1412,"url":"https:\/\/oberender.com\/wp-content\/uploads\/iStock-1169668297.jpg","type":"image\/jpeg"}],"author":"Ursula Lauterbach","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Ursula Lauterbach","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/oberender.com\/en\/blog-en\/information-security-part-2-the-organization\/#article","isPartOf":{"@id":"https:\/\/oberender.com\/en\/blog-en\/information-security-part-2-the-organization\/"},"author":{"name":"Ursula Lauterbach","@id":"https:\/\/oberender.com\/en\/#\/schema\/person\/6d858500dcc179abc6e781d3d95329b3"},"headline":"Information Security Part 2 &#8211; The Organization","datePublished":"2024-09-16T12:20:00+00:00","dateModified":"2024-10-07T10:18:58+00:00","mainEntityOfPage":{"@id":"https:\/\/oberender.com\/en\/blog-en\/information-security-part-2-the-organization\/"},"wordCount":532,"publisher":{"@id":"https:\/\/oberender.com\/en\/#organization"},"image":{"@id":"https:\/\/oberender.com\/en\/blog-en\/information-security-part-2-the-organization\/#primaryimage"},"thumbnailUrl":"https:\/\/oberender.com\/wp-content\/uploads\/iStock-1169668297.jpg","keywords":["Consultant","cyber-security","Hospital","Information security","Organization","Public Health"],"articleSection":["Blog","Data security","Digitisation"],"inLanguage":"en-US","copyrightYear":"2024","copyrightHolder":{"@id":"https:\/\/oberender.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/oberender.com\/en\/blog-en\/information-security-part-2-the-organization\/","url":"https:\/\/oberender.com\/en\/blog-en\/information-security-part-2-the-organization\/","name":"Information Security Part 2 - The Organization - Oberender 
AG","isPartOf":{"@id":"https:\/\/oberender.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/oberender.com\/en\/blog-en\/information-security-part-2-the-organization\/#primaryimage"},"image":{"@id":"https:\/\/oberender.com\/en\/blog-en\/information-security-part-2-the-organization\/#primaryimage"},"thumbnailUrl":"https:\/\/oberender.com\/wp-content\/uploads\/iStock-1169668297.jpg","datePublished":"2024-09-16T12:20:00+00:00","dateModified":"2024-10-07T10:18:58+00:00","description":"There is a lot of leeway when it comes to organizing information security. In this article, we explain what is right for your company.","breadcrumb":{"@id":"https:\/\/oberender.com\/en\/blog-en\/information-security-part-2-the-organization\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/oberender.com\/en\/blog-en\/information-security-part-2-the-organization\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/oberender.com\/en\/blog-en\/information-security-part-2-the-organization\/#primaryimage","url":"https:\/\/oberender.com\/wp-content\/uploads\/iStock-1169668297.jpg","contentUrl":"https:\/\/oberender.com\/wp-content\/uploads\/iStock-1169668297.jpg","width":2124,"height":1412,"caption":"Network security concept. Cyber protection. 
Anti virus software."},{"@type":"BreadcrumbList","@id":"https:\/\/oberender.com\/en\/blog-en\/information-security-part-2-the-organization\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/oberender.com\/en\/"},{"@type":"ListItem","position":2,"name":"Information Security Part 2 &#8211; The Organization"}]},{"@type":"WebSite","@id":"https:\/\/oberender.com\/en\/#website","url":"https:\/\/oberender.com\/en\/","name":"Oberender AG","description":"Ihr Partner im Klinikmanagement.","publisher":{"@id":"https:\/\/oberender.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/oberender.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/oberender.com\/en\/#organization","name":"Oberender AG","url":"https:\/\/oberender.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/oberender.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/oberender.com\/wp-content\/uploads\/171218_Oberender_RGB.png","contentUrl":"https:\/\/oberender.com\/wp-content\/uploads\/171218_Oberender_RGB.png","width":769,"height":186,"caption":"Oberender AG"},"image":{"@id":"https:\/\/oberender.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/oberender-ag\/","https:\/\/www.xing.com\/pages\/oberenderag"]},{"@type":"Person","@id":"https:\/\/oberender.com\/en\/#\/schema\/person\/6d858500dcc179abc6e781d3d95329b3","name":"Ursula 
Lauterbach"}]}},"_links":{"self":[{"href":"https:\/\/oberender.com\/en\/wp-json\/wp\/v2\/posts\/15442","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oberender.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/oberender.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/oberender.com\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/oberender.com\/en\/wp-json\/wp\/v2\/comments?post=15442"}],"version-history":[{"count":0,"href":"https:\/\/oberender.com\/en\/wp-json\/wp\/v2\/posts\/15442\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oberender.com\/en\/wp-json\/wp\/v2\/media\/15362"}],"wp:attachment":[{"href":"https:\/\/oberender.com\/en\/wp-json\/wp\/v2\/media?parent=15442"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/oberender.com\/en\/wp-json\/wp\/v2\/categories?post=15442"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/oberender.com\/en\/wp-json\/wp\/v2\/tags?post=15442"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}