„C16 Security“ ändern

C16-Security.md

@@ -4,17 +4,17 @@ For supporting the levels of the required security for data, metadata and enviro
 #### C16.2. The IT security system, employees with roles related to security and any risk analysis approach in use.
 The IT security system has several different types of employees and roles which are involved to manage the IT security system and perform the risk analyses. This means that there are different roles involved in the IT of Geosphere Austria.
 
-The Information Security Analyst is responsible for  identifying and managing security risks, as well as developing and implementing security policies and procedures.
+* The Information Security Analyst is responsible for  identifying and managing security risks, as well as developing and implementing security policies and procedures.
-The Network Security Engineer is an expert in designing and implementing security measures to protect computer networks from cyber attacks.
+* The Network Security Engineer is an expert in designing and implementing security measures to protect computer networks from cyber attacks.
-The Security Architect is responsible for designing and implementing security systems, as well as ensuring that all security policies and procedures are being followed.
+* The Security Architect is responsible for designing and implementing security systems, as well as ensuring that all security policies and procedures are being followed.
-The Administration Team is there to analyze and monitor security data to identify treads and vulnerabilities, and respond to security incidents as needed. They help the organization to develop security strategies and plans. They are also responsible for overseeing all aspects of an organization's security program, including risk management, compliance, and incident response.
+* The Administration Team is there to analyze and monitor security data to identify treads and vulnerabilities, and respond to security incidents as needed. They help the organization to develop security strategies and plans. They are also responsible for overseeing all aspects of an organization's security program, including risk management, compliance, and incident response.
 
 #### C16.3 Measures in place to protect the facility. How the premises where digital objects are held area secured.
 To premise where digital objects are held there is a multi-layered security system implemented that includes physical, electronic, and procedural controls.
-
+* 
-The Physical security measures include  surveillance cameras, access control systems, and perimeter security to prevent unauthorized entry.
+* The Physical security measures include  surveillance cameras, access control systems, and perimeter security to prevent unauthorized entry.
-The Electronic security measures include the firewall, intrusion detection system, and encryption to protect digital data from cyber threats.
+* The Electronic security measures include the firewall, intrusion detection system, and encryption to protect digital data from cyber threats.
-The Procedural controls include security policies and procedures, employee training, and background checks to ensure that everyone who has access to the digital objects follows the appropriate security protocols.
+* The Procedural controls include security policies and procedures, employee training, and background checks to ensure that everyone who has access to the digital objects follows the appropriate security protocols.
 
 #### C16.4 Any security-specific standards the repository references or compiles with.
 We have one of the most well-known standards at the moment: ISO/IEC 27001. This is a standard that provides a framework for establishing, implementing, maintaining, and continually improving information security management systems.