TEN Information Management GmbH

Blog

News about information & data security, as well as about TEN Information Management GmbH

Most CEOs delegate information security. And that is exactly the problem.

In many companies, information security is still treated as an IT issue. As a result, it gets delegated. → To the IT department.→ To external service providers.→ To “someone who takes care of it.” What...
Read more

Process completed. Problem unresolved.

The wiper blades on my leased vehicle were worn out.The car had been sitting for six months before I took delivery—low mileage,visibility is now limited. Lease includes maintenance & wear and tear; wiper blades are...
Read more

Flying blind rarely feels good

A few weeks ago, I attended a blind dinner.A full menu – served in complete darkness. Everything was there: food, drinks, cutlery, service.Just not visible. Suddenly, completely new questions arose:How do I drink without knocking...
Read more

Why information security is not an IT project

“IT takes care of security.”One of the most common and dangerous misconceptions in companies. Information security is not an isolated IT project.It is a company-wide management issue. So who is actually responsible?Information security protects the...
Read more

NIS-2 meets GDPR: Is one notification sufficient, or is the next liability trap looming?

Recently at an NIS 2 workshop with a client’s management team.Topic: Reporting requirements for IT security incidents. The central BSI portal for reporting security incidents has recently been launched – which is good and right....
Read more

The wheat and the chaff: The two types of InfoSec advertising promises

In recent weeks, I have heard the same thing repeatedly in conversations with customers: The industry surrounding NIS-2 and ISO 27001 is currently a gold mine, and many are acting accordingly. The general sentiment can...
Read more

“I’ll do the rest with ChatGPT.” Why an ISMS is not a copy-paste project

About a year ago, a prospective customer said to me:“You know, Mr. Neeff, everything we need for our ISO 27001 ISMS documentation is now available for free on the internet. And I’ll do the rest...
Read more

Information security does not begin with ISO 27001, but with honesty.

Many believe that the core of effective information security lies in a particularly “good” or “beautiful” implementation of ISO 27001 or NIS-2. But the real success factor is something else: an honest assessment of the...
Read more

Security risk board of directors: When ignorance becomes a real vulnerability

As the threat escalates, a publicly traded corporation continues to cut corners on IT security, relying on hope rather than defense. The CISO? No influence. No budget. No team. Now the few employees are sick,...
Read more

Excel Dieter, PowerPoint Joe, and the management system chaos

Anyone involved in setting up and operating management systems—such as for information security in accordance with ISO 27001 (ISMS) or quality management in accordance with ISO 9001—is all too familiar with the scenario: Pages and...
Read more