IT Security Officer


For operators of so-called critical infrastructures, the designation of an IT security officer can be a legal obligation. Even if this is not the case, particular importance must be attached to the security of IT systems. An IT security officer can be important for the development of a company in consideration of risk provisioning and liability avoidance.

Although the tasks are not explicitly regulated by law, the IT security officer covers certain areas due to their professional competence. The distinction between the tasks of the data protection officer and the IT security officer is of great importance for a central management approach, but in individual cases it is often difficult.

The IT security officer

At first sight, the work of an IT security officer is similar to that of a data protection officer and includes, in particular, the examination and assessment of facts, controls and advice with regard to IT security issues. According to MORGENSTERN’s interdisciplinary consulting approach, you avoid duplicate effort as the information already collected from privacy consulting additionally benefits an IT security officer.