The following measures and safeguards are tailored to the needs, requirements, constraints and resources of the target audience (Internet and software startups in early stages). They cover the most important topics and should provide a solid start. I want to motivate companies to focus on information security from day one, so these measures can also be implemented by companies run by only one or two people. Once the company grows or there is a need for more advanced information security handling, the practices described here should be a solid basis for a later implementation of standards like BSI IT-Grundschutz or ISO/IEC 27001.
In my opinion it doesn’t make sense to copy or redefine existing and approved information security content. Therefore some measures contain links to further information or to existing standards. Those provide more detailed information on the different kinds of threats related to a safeguard and on how the measures can be implemented. All measures in this guide are therefore kept general and can also be read and understood by non-technicians.
Each of the safeguards (numbered 1 to 28) is a measure a software/Internet startup should implement. They are ordered chronologically and also prioritized. For assigning responsibilities to persons I have used two project roles: the Corporate Security Responsible (CSR) and the Product Security Responsible (PSR). The two roles are described in this blog post.
The information contained in this website is for general information purposes only. You can find more information about the accuracy of the information on the disclaimer and terms and conditions pages.