New security breaches and attacks on information at well-known companies and organisations become known almost daily. Incidents such as the intrusion into the network of the German Bundestag in 2015 or the hack of Vatican News in spring 2018 show that no organisation is immune to attack, nor to the reputational damage that follows. What exactly is information security, and why does this topic matter for church bodies?
The term information security refers to the methods and practices for protecting information with regard to three protection goals: confidentiality (protection against unauthorised access to or disclosure of information), integrity (protection against unnoticed and unauthorised modification of data) and availability (ensuring that information and systems remain usable and functional for authorised users when they are needed).
The subject of this protection is all information that requires it, whether it originates from oral or written sources and whether it is written on paper or stored in files. In addition to technical IT measures, information security therefore also includes organisational rules for handling information. Due to increasing digitalisation, many processes within a church administration depend on a functioning IT landscape and communication technology, and information security is becoming correspondingly more important.
The security of critical information can only be achieved through active information security management. This requires the implementation of an information security management system (ISMS) with effective processes, procedures and measures. The internationally recognised and certifiable standard ISO/IEC 27001 provides a suitable basis for establishing, operating and continuously improving an ISMS. An important part of this is the establishment of risk management, which systematically identifies information security risks, evaluates them according to clearly defined criteria and derives appropriate countermeasures from the result.
The ISMS also supports the technical and organisational measures required by the new church data protection regulations, which oblige church bodies to be able to permanently guarantee the confidentiality, integrity, availability and resilience of the systems and services used to process personal data.
Please feel free to contact our experts on questions of information security and data protection.
Director, Consulting, Digital Compliance
KPMG AG Wirtschaftsprüfungsgesellschaft