Core competencies
Information security
Information security addressed and implemented
- Risk management and security management
- Security guidelines and regulatory systems
- Information security management system (ISMS)
- Identity & access management
- IT and business continuity planning
- Support or representation of the persons in charge of IT security
- Deriving the security architecture from the analysis of protection required
- Ascertaining the proposals and requirements for the security architecture
- Dividing up the security architecture subjects e.g. according to TOGAF
- Presenting the security architecture in a way appropriate to the stakeholders, with various different viewpoints and perspectives
- Optimising the target security architecture according to the motto “As much security as is necessary, and not as much as is possible” (ROSI – Return on Security Investment)
- Assessment: advice and support
- Compliance audit: adhering to proposals
- Certification audit: preparing for certification
- Incident audit: investigation of incidents
Deriving the security architecture from the analysis of protection required 
