Vineyard Management Consulting GmbH has published the book "Information Security - Smart Solutions for New Threats and Extended Regulation":

In a world with further new global crises and new types of threats, it is more important than ever to be prepared. This also applies to an unprecedented extent to cyberspace, the protection of which is becoming increasingly important. The diversity and intensity of hacker attacks have never been greater, not least as a result of geopolitical changes and current crises.

In line with the general trend towards greater threats and the increasing dependency of the economy on IT, most countries have continuously introduced corresponding laws and regulations for more effective information security in order to systematically protect critical infrastructures and thus the state and companies.

DORA and NIS2 are probably the best-known examples of innovations and extended protection requirements in the EU at the moment. In practice, cybersecurity has already largely been adapted to the new world: Investments in cybersecurity have continued to increase in recent years,

mostly as a result of specific incidents that are no longer allowed to happen or prescribed measures by internal/external audits. Another driver for cyber programs is certainly the ever-increasing use of the cloud, especially in regulated industries, albeit with a slight time lag.

The first article in this book starts directly with the topic of NIS2. The focus is on a targeted introduction of the requirements for critical infrastructures, especially for the target group of medium-sized companies.

Following on from US legislation, the new legislation on whistleblowing is now, somewhat belatedly, also becoming mandatory within the EU through corresponding legislation in Germany. This article outlines the main challenges and suitable approaches that companies should take in this regard.

The next article deals with the use of cyber frameworks for strategy implementation and risk management. Some of the most important frameworks (NIST and SANS20/CIS) will be analyzed in the context of practical examples. The article attempts to show ways in which the topic of risk management based on NIST can also be implemented consistently for unstructured data in order to achieve the best possible protection based on risk-based approaches.

This is followed by an article on security in the cloud. After a general look at the requirements, the article discusses specific best practices and tools for the Microsoft Azure Cloud, before concluding with the question “How secure is cloud security?”

A relatively high level of expenditure in the cyber security programs of recent years has rightly been invested in identity and access management. This topic will continue to gain in importance due to the increasing use of unstructured data with partners, customers and within 3rd party services, as this information must also be kept under control and managed according to risk. This article on IAM looks at the various disciplines that are relevant for holistic IAM and presents some of the most important approaches and tools.

With the publication of the first detailed requirements this year, the topic of DORA has been given even higher priority than in the previous year, especially as implementation must be completed by the end of 2024. In order to ensure the resilience of financial institutions and third-party ICT service providers, the key requirements and challenges are discussed and corresponding approaches and procedures for implementation are provided.

According to the authors, it is more important than ever for all companies not to lose track of the legal requirements and to develop smart solutions that address the relevant risks. It is important to always keep an eye on residual risks in order to be able to operate information security at the required security level in a timely and targeted manner with already established partners and to develop it strategically and operationally.


Vineyard Management Consulting GmbH, Carsten Fabig and Alexander Haasper.


Hans-Jörg Vohl (Project Management Partners Vohl & Partner), Rainer Sponholz (Vineyard Management Consulting GmbH), Laura Beckervordersandforth (Vineyard Management Consulting GmbH), Alexander Haasper (Vineyard Management Consulting GmbH), Yoan Petrov (Actegro GmbH), Dimitar Dimitrov (Vineyard Management Consulting GmbH), Carsten Fabig (Vineyard Management Consulting GmbH), Laura Dinis (Vineyard Management Consulting GmbH).

Buy now via Amazon Bookstore