A regulatory framework for cyber security in the various sectors of the economy is currently emerging. One prerequisite is always information security. International standard ISO 27001, for example, specifies that companies must develop processes and rules within their organization that can be used to control and continuously improve information security in connection with IT processes and components. An information security management system (ISMS) of this kind covers all internal and external business processes. For example, interfaces with and dependencies on other companies must be documented. Likewise, there must be a plan for dealing with risks as well as security targets for functions and hierarchy levels.