M.2) Consolidate information security literature

Category:        Learning, Periodic

Responsible:   CSR, PSR

Effort:              high – hard to quantify

Based on:       IT Grundschutz M 3.5 / M 3.11 / M 3.49 / M 3.96

Starting from their existing security knowledge, the CSR and PSR both need to build up the knowledge required for their assigned tasks. There are many good sources of information, such as the OWASP Top 10 [1], information security books ([2], [3]), annual cyber security reports ([4], [5]), the IT Grundschutz catalogues [6], and many more.

This task is heavyweight and cannot be completed in one piece or within a few days. The CSR and PSR should keep informing themselves about information security topics throughout the whole lifetime of the company. Important insights should be written down in the company’s information security folder/storage.


[1] The Open Web Application Security Project, “OWASP Top 10,” [Online]. Available: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project. [Accessed 2016 09 29].

[2] M. K. Harold F. Tipton, Information Security Management Handbook, CRC Press, 2007.

[3] L. Z. Hanqing Wu, Web Security – A WhiteHat Perspective, 6000 Broken Sound Parkway NW: CRC Press, 2015.

[4] Symantec, “Annual Threat Report,” [Online]. Available: http://www.symantec.com/security_response/publications/threatreport.jsp. [Accessed 22 February 2016].

[5] Hewlett Packard, “HPE Security Research – Cyber Risk Report 2016,” 2016.

[6] Bundesamt für Sicherheit in der Informationstechnik, “BSI IT Grundschutz Kataloge,” [Online]. Available: https://www.bsi.bund.de/DE/Themen/ITGrundschutz/ITGrundschutzKataloge/Inhalt/_content/allgemein/einstieg/01001.html. [Accessed 04 04 2016].


