“Security builds trust”: Steering of internal security at Deutsche Telekom – holistic, convergent, integrated, risk-oriented & cooperative.
As part of the Management Board area of Technology & Innovation (V TI), the security function ensures the strategic steering of all security dimensions groupwide, incl. data, information & cyber security as well as physical and personnel security, misuse detection and business continuity, in a convergent, holistic and integrated security (management) approach. This approach is outlined in our Group Security Strategy, which is derived from and contributes to our overall Group Strategy “Leading European Telco”. It aims at firmly and sustainably establishing security as a success factor of Deutsche Telekom along “Protect, Enable & Monetize”:
- Protecting DT’s home turf along the value chain incl. people & processes, infrastructure & technology, products & services and data & information
- Enabling the business by integrating security into daily life & work and as a natural part of Deutsche Telekom’s DNA as well as
- Monetizing security via respective security product & service offerings from Telekom Security.
For internally steering security across the Group, the DT Security Governance Model has been established as guidance for enabling and assisting all people responsible for security in the various Group units and departments, via respective Security Business Partners, to assure an adequately high level of security across Deutsche Telekom’s footprint.
Along the Group Security Strategy & Governance Model, strategic focus topics are derived and identified annually based on respective risk-oriented analysis, strategic business projects & initiatives as well as future trends & opportunities. On this basis, annual security programs are set up by the security officers in the units as well as at Group level, resulting in our Group Security Program.
To ensure adequate security levels groupwide, the Group Security Policy is in place. It covers all aspects of security according to our holistic understanding of security convergence, interrelatedness & interdependency. Consequently, it includes all security dimensions, ranging from data, information, IT-/NT- & cyber security to physical and personnel security as well as misuse detection and business continuity, incident, emergency & crisis management, besides our common security management approach with respective roles & responsibilities based on international security standards, especially ISO 27000ff. The Group Security Policy is enacted throughout the Group via respective Management Board resolutions in the Group units. Along our common principles regarding Information Security Management Systems (ISMS), Business Continuity Management System (BCMS) as well as Enterprise Security Risk Management System (ESRM), the respective policy requirements are systematically implemented, continuously monitored & reviewed and further developed & improved on central as well as local levels.
As part of our Group Security Control Framework, all security officers regularly review the security situation, level and maturity via web-based self-assessments based on the COBIT maturity model and evaluate centrally prioritized security risk scenarios. Based on these results, our Group Security Risk Landscape is derived, regularly reviewed and updated, which also contributes to our overall Group Risk Management. Security Audits are conducted as spot checks in order to verify the respective self-assessments as well as to assist in identifying improvement measures.
To gain an overview of, and at the same time ensure, the groupwide level of security awareness and sensitivity, the Online Security Awareness Survey is conducted regularly with a sample of about 30% of Deutsche Telekom’s employees. The annual Global Telekom Security Conference is the place, time and platform where strategic alignment, updates on latest developments and best practices are shared and discussed within our Deutsche Telekom Security community, besides latest trends and insights also from business, political and societal perspectives, via respective keynotes, workshops and/or market places. This is accompanied by our groupwide International Security intranet page & community on Deutsche Telekom’s intranet (with well over 600 active members, one of the largest expert communities in the Group), which also fosters continuous and open exchange via virtual collaboration.