Information security


Board members and managing directors at banks and financial service providers, CISO, outsourcing controlling, risk controlling, compliance, data protection and internal audit


Plus 19% VAT.
  • With the seminar, you will receive a certificate as proof of your expertise
    (e.g. for submission to BaFin)

  • Tasks of the Information Security Officer

  • Risk analysis to determine the need for IT protection

  • Ongoing monitoring duties of the Information Security Officer


  • 9.15 am – 1.00 pm

    Tasks of the Information Security Officer

    Overview of the range of tasks: interlocking IT strategy, information security and information risk management

    Efficient communication and interface management with outsourcing, data protection and compliance officers

    You need to know these “red lines”: minimum requirements from BAIT, KAIT, VAIT, ZAIT, DIN EN ISO 2700x and BSI-Grundschutz, applied in an audit-proof manner

    Introduction of the information security guideline with processes for identification, protection, detection, response and recovery

    Establishment of an audit-proof management reporting system

    Risk analysis to determine the need for IT protection

    Risk analysis in information management

    Implementation of the qualitatively tightened risk analysis on the basis of uniform scoring criteria

    Assessment of the need for protection with regard to the goals of integrity, availability, confidentiality and authenticity

    Benchmarks for drawing up the catalogue of target measures and deriving the risk-reducing measures

    Steering and control activities and their implementation

S+P Tool Box

  • Organisational handbook for the Information Security Guideline (length approx. 30 pages)
  • Sample reporting for Information Security Officer
  • S+P Tool Risk Assessment: Determination of IT protection needs


  • 2.00 pm – 5.00 pm

    Ongoing monitoring duties of the information security officer

    New requirements for monitoring, control and reporting obligations

    The focus on agility places high demands on user authorisation management

    Ad hoc reporting on significant IT projects and IT project risks to the management

    Mapping of significant project risks in risk management

    New requirements for control and reporting obligations of the IT service provider and the outsourcing officer

    Establish appropriate processes for IT application development

    Delimit outsourcing and other external procurement of IT services in an auditable manner

    Data protection concept of the Information Security Officer (ISB) versus deletion concept of the Data Protection Officer (DPO)
