ISMS and risk analysis
To achieve effective protection against cyber attacks you have to introduce and further develop an information security management system (ISMS). An ISMS encompasses technical, organisational as well as personnel aspects related to the successful provision of security measures. Operators of critical infrastructures are obliged by the IT Security Act to implement an ISMS.