TEN Information Management GmbH

Blog

News about information & data security, as well as about TEN Information Management GmbH

Vocabulary related to information security – a basic prerequisite for mutual understanding!

In practice and in marketing, misleading terminology is often encountered in connection with information security standards such as ISO 27001 and SOC 2. This imprecise use not only leads to misunderstandings, but can also undermine...
Read more

Collective irresponsibility in the supply chain: Why information security often fails during supplier onboarding

In theory, it sounds simple: suppliers are selected according to defined criteria, risks are assessed and then selected. In practice, things are usually different. Especially when onboarding suppliers, there is often a pattern of collective...
Read more

The policy problem: Why nobody reads policies anymore – and how we can change that

The “policy problem” plagues many companies and has become an annoying reality: There are countless policies on almost every topic, but hardly anyone knows which ones are relevant to him or her. This is particularly...
Read more

ISO 42001: AI Risk Assessment vs. AI System Impact Assessment

AI Risk Assessment vs. AI System Impact Assessment: according to ISO 42001 ISO 42001, the international standard for AI management systems, requires organizations to conduct both an AI Risk Assessment and an AI System Impact...
Read more

Pseudo-IT security – promoted and demanded by the CIO

I recently had an initial meeting with an interested party – a large medium-sized company from the manufacturing industry. The CIO reported that they had already implemented various IT security measures and now felt it...
Read more

IT security in the banking environment: How banks are doing IT security a disservice (and driving customers away)

The following report is so unbelievable that it could have come from the famous Paulaner garden – if I hadn’t known the person concerned for over 10 years. That’s how I know that what I’ve...
Read more

Synergies between ISO 27001 and ISO 42001: a holistic approach to information security and AI management

Synergies between ISO 27001 and ISO 42001: a holistic approach to information security and AI management The recently published ISO 42001 marks a significant milestone for the methodical use of artificial intelligence (AI) in companies....
Read more

The sense and nonsense of compliance automation platforms

When looking for tools to help you implement ISO 27001 or SOC 2, you will also come across so-called (compliance) automation platforms that promise to take up to 90% of the work off your hands...
Read more

The dark side of video surveillance: How poorly implemented surveillance jeopardizes IT security

Video surveillance is a common means of increasing security in companies. It is intended to prevent theft, protect employees and create a safe working environment overall. But what happens when video surveillance itself becomes a...
Read more

Bureaucracy in the company, part 98765: Travel expense accounting

I recently met a colleague who is CISO at a large corporation in Germany. In addition to all kinds of technical topics, at some point during the conversation we also got to talking about the...
Read more