Recently, LinkedIn suggested that I apply for the position of “Director of Global IT & Cyber Security”: a medium-sized company, multiple locations, well-known brand. Apart from the fact that I have enough to do at...
As an entrepreneur, you know that when business isn’t going so well, outstanding payments can sometimes pile up. Most business partners pay after a friendly reminder, but sometimes you encounter absurd situations. I would like...
The revision of ISO 27006 brings significant changes for ISMS audits according to ISO 27001—especially for digitized companies. I have looked into this and identified the following key points: New calculation logic for audit days...
In practice and in marketing, misleading terminology is often encountered in connection with information security standards such as ISO 27001 and SOC 2. This imprecise use not only leads to misunderstandings, but can also undermine...
In theory, it sounds simple: suppliers are selected according to defined criteria, risks are assessed and then the selection is made. In practice, things are usually different. Especially when onboarding suppliers, there is often a pattern of collective...
The “policy problem” plagues many companies and has become an annoying reality: There are countless policies on almost every topic, but hardly anyone knows which ones are relevant to him or her. This is particularly...
AI Risk Assessment vs. AI System Impact Assessment: according to ISO 42001
ISO 42001, the international standard for AI management systems, requires organizations to conduct both an AI Risk Assessment and an AI System Impact...
I recently had an initial meeting with an interested party – a large medium-sized company from the manufacturing industry. The CIO reported that they had already implemented various IT security measures and now felt it...
The following report is so unbelievable that it could have come from the famous Paulaner garden – if I hadn’t known the person concerned for over 10 years. That’s how I know that what I’ve...
Synergies between ISO 27001 and ISO 42001: a holistic approach to information security and AI management
The recently published ISO 42001 marks a significant milestone for the methodical use of artificial intelligence (AI) in companies....