Objective: For project implementation, it is important to consider the information security requirements. This applies to projects within the organization regardless of their type. By appropriately establishing the information security process in the project management procedures of the organization, any overlooking of requirements is prevented.
Requirements (must): Projects are classified while taking into account the information security requirements.
Requirements (should): The procedure and criteria for the classification of projects are documented.
During an early stage of the project, risk assessment is conducted based on the defined procedure and repeated in case of changes to the project.
For identified information security risks, measures are derived and considered in the project.