Notice: Die Funktion wp_register_script wurde fehlerhaft aufgerufen. Nicht erkannte(r) Schlüssel im Parameter $args: defer. Unterstützte Schlüssel: strategy, in_footer, fetchpriority, module_dependencies Weitere Informationen: Debugging in WordPress (engl.). (Diese Meldung wurde in Version 7.0.0 hinzugefügt.) in /var/www/vhosts/mgm-sp.217-154-231-6.plesk.page/httpdocs/wp-includes/functions.php on line 6170

Notice: Die Funktion wp_register_script wurde fehlerhaft aufgerufen. Nicht erkannte(r) Schlüssel im Parameter $args: defer. Unterstützte Schlüssel: strategy, in_footer, fetchpriority, module_dependencies Weitere Informationen: Debugging in WordPress (engl.). (Diese Meldung wurde in Version 7.0.0 hinzugefügt.) in /var/www/vhosts/mgm-sp.217-154-231-6.plesk.page/httpdocs/wp-includes/functions.php on line 6170
Information security – not just an IT issue, but a shared responsibility – mgm security partners
Notice: The wp_enqueue_script function was incorrect Called. Unrecognized key(s) in the $args parameter: async. Supported keys: strategy, in_footer, fetchpriority, module_dependencies. For more information: Debugging in WordPress. (This message was added in version 7.0.0.) in /var/www/vhosts/mgm-sp.217-154-231-6.plesk.page/httpdocs/wp-includes/functions.php online 6170

Information security – not just an IT issue, but a shared responsibility

April 17, 2025 |
Tags: Information Security
Kategorie: News

“Information security is the responsibility of IT.”

We encounter this statement in many organizations, and unfortunately, it falls short.

Information security affects the entire company.

It involves not only technology but also processes, people, and decisions.
It's not just about firewalls and updates, but also risk awareness, clear responsibilities, and effective structures.

Why is this important? Because information is generated throughout the company, and risks do not stop at departmental boundaries.

Here are some typical examples from our consulting practice:

  • In the HR department, employee information is processed, often without clear regulations regarding storage, access, or emergency measures.
  • In specialist departments and projects, new processes are created daily, but a risk assessment or security review is rarely included.
  • In collaboration with service providers and suppliers, it often remains unclear which security standards are actually adhered to, an underestimated risk along the supply chain.
  • The IT department handles technical protective measures, but without the backing of processes, compliance requirements, and lived awareness, blind spots arise.
  • In management, strategic decisions are pending, but a clear security strategy is lacking, therefore information security cannot be effectively managed.

If information security continues to be seen exclusively as an IT issue, the following will arise:

  • Gaps in governance and a lack of responsibilities.
  • Unclear reactions in the event of a crisis.
  • Reputational and liability risks, especially in the context of new regulatory requirements such as NIS2 or DORA.
  • No clear roadmap for sustainable improvement.

Our approach

Information security must be thought of company-wide, strategically, structurally, and integrated.
Together with our customers, we develop practical security concepts, create clarity about roles and risks, and help to anchor information security sustainably and effectively.

A good start: an initial gap assessment.

Together with you, we analyze the status quo of your information security based on common standards such as ISO 27001, TISAX, depending on your company context.
You will receive concrete recommendations on where action is needed and how you can specifically raise your security level to the next level, practically, understandably, and with a view to your industry.

Please do not hesitate to contact us if you would like to strategically and effectively anchor information security in your company. We will help you with experience, at eye level, and with a clear plan.

The author

Maximiliane Mayer

Maximiliane Mayer has over 10 years of experience in IT security – from penetration testing to application security to information security and data protection. As Head of Information Security Consulting at mgm security partners GmbH, she supports companies in implementing their security requirements simply, flexibly, and efficiently.