Why and when did security awareness and management in a company achieve a value in and of itself?

Joseph Paulik: The threats that a company is exposed to are very numerous and complex. They range from natural disasters, social and economic instability, and economic espionage to terrorism. In addition, in recent decades the global network infrastructures have developed at a tremendous pace. They offer hugely diverse networking opportunities, but due to their complexity and the availability of the technology, they also involve risks.

This is why it's in every company's interest to create a security management system from the very day it's founded. And one of the related tasks is to ensure that there's adequate security awareness within the firm because its success depends to a great extent on the security measures taken.

At issue are the protection of the employees, clients, material and non-material assets, and assuring continuity of the business in case of a security incident. Clients' trust is based largely on their perception of the security mechanisms the firm has in place on their behalf. Privacy when dealing personal customer information is only one example of many.

How can companies increase the security awareness and competence of their employees?

Joseph Paulik: To do this, the firm's security management team has to create a tailor-made security concept. At Deutsche Telekom, security communication is designed as part of a holistic security approach addressed to both staff and management, for example by means of intranet portals, information tools, newsletters, and events. Campaigns are undertaken for specific priority topics.

We promote staff's security expertise in particular through eLearning training events that are rolled out to specific target groups. In collaboration with their departments, the offer can be extended to encompass a particular type of risk and adjusted to what is appropriate for the team of employees.

Periodic assessments enable us to determine whether the measures were successful or need to be intensified.

What is Deutsche Telekom planning in this realm? When and where are these measures to be implemented?

Joseph Paulik: The measures I've mentioned have all been implemented already, are used on a daily basis, and are regularly updated. Our employees always have access to security information.

This summer we also ran a campaign on "social engineering" to make the employees aware of the related dangers.

Deutsche Telekom's activities operate in accordance with the international security standard ISO IEC 27001.

What experience have you already gained in this project?

Joseph Paulik: The results of our annual online awareness survey indicate that our domestic and international measures have already enabled us to reach a high security level in the group. We monitor this continuously and continue to improve.

We are convinced that security can only be ensured through a cooperative approach, and this is why we plan to pursue it further and actively advocate collaboration in security issues beyond our corporate boundaries.