The effectiveness of security plans and security measures needs to be constantly validated under operational and threat scenarios. Plans are reviewed and formal information system audits are conducted for this purpose. These can be supplemented by verification and penetration tests for assessing the suitability, robustness and reliability of measures for protecting the flow of information.

A central task performed by information management and information security management is to design and improve control and performance delivery procedures in the field of information and communication technologies (ICT). This includes continuously and comprehensively assessing strategy, objectives and outcomes, and the potential risks to the ICT function.

The Armed Forces are reliant on precisely targeted monitoring of developments in technology with respect to threats. Scenarios which include possible courses of action and sustainable, risk-based protective measures are defined for the long term. To achieve this, we design and implement prototypes and demonstrators. This allows decision-makers, developers and users to close the gap between aspirations and specific requirements and to manage complexity.