SPRINGER VIEWEG — GERMAN EDITION — SEPTEMBER 2026
Der Praxisratgeber
The German-language practitioner's guide to building an information security management system that survives contact with the shop floor — from ISO 27001 and NIS2 to hands-on OT security. Every core chapter pairs the standard with a document blueprint and an OT practice transfer.
Fig. 1 — cover draft; final Springer artwork to follow.
The book
Industrial companies don't fail at information security for lack of standards — they fail in the gap between the standard and the plant. This guide closes that gap with a consistent three-pillar pattern in every core chapter:
I. What ISO/IEC 27001, IEC 62443 and NIS2 actually require — read through an industrial lens, not a data-centre one.
II. A concrete structure for the deliverable that proves it: scope, policies, SoA, risk register and more — ready to adapt.
III. Where IT logic breaks on the shop floor — and what works instead, from patch windows to safety interlocks.
Written for CISOs and information security officers, ISMS and compliance managers, OT and automation engineers, auditors and consultants.
Part I — Method and foundations
Part II — Practice toolbox
The book is written in German. Chapter titles are shown here in English translation.
Companion tools
Each tool deepens one chapter of the guide: browser-based, vendor-neutral and ready to use in workshops. Chapter numbers reference the corresponding sections of the book; all links below open the English versions.
ch. 3.5: Methodically identify and prioritise the most critical OT assets — companion to the crown-jewels analysis.
ch. 8.4: Generate realistic tabletop exercise scenarios for OT incident management — train for the emergency before it happens.
ch. 9: Containment governance for OT incidents: record which systems must never be automatically isolated or shut down.
ch. 22: Define requirements for secure remote access and assess candidate solutions in a structured way — along IEC 62443-3-3, ISO/IEC 27001, NIST CSF 2.0 and NIS2.
ch. 22.2: Plan just-in-time remote maintenance along the four-stage model: access only when needed — traceable and time-boxed.
resilience: A test programme for whether critical processes can run autonomously for 72 hours — from credential caches to offline backups.
All tools are published openly on GitHub and run entirely in the browser — no data leaves your machine.
Articles
Regular contributions on cybersecurity, OT governance and compliance for Foundry outlets — CSO Online in English and German, syndicated to ITWorld Korea. The language of each piece is tagged.
2026
[EN] Why your AI strategy stops where the PLC starts: Hard lessons from the OT frontlines.
2025
[KO] CISO의 소프트 스킬, 이제는 없으면 안 되는 '파워 스킬'로. Korean edition: CISO soft skills are now indispensable "power skills".
[EN] The 5 power skills every CISO needs to master in the AI era.
[EN] What keeps CISOs awake at night — and why Zurich might hold the cure.
[EN] OT security: Why it pays to look at open source.
[KO] 컴플라이언스 위기를 막는 가장 확실한 전략, 서드파티 리스크 관리. Korean edition: The most reliable strategy against compliance crises — third-party risk management.
[EN] Third-party risk management: How to avoid compliance disaster.
[DE] IAM 2025: Diese 10 Trends entscheiden über Ihre Sicherheitsstrategie.
[DE] OT-Security: Warum der Blick auf Open Source lohnt.
2024
[DE] Was ist Cyber Threat Intelligence?
[DE] IoT-Devices: Security-Herausforderungen und Lösungen.
[DE] Third Party Risk Management: So vermeiden Sie Compliance-Unheil.
[DE] ISMS nach ISO 27001: Anforderungen und Umsetzung.
[DE] OT-Security: So schützen Sie Ihre Industrieanlagen.
In the press
Doppelbelastung: Projektmitarbeiter unter Druck — a Computerwoche careers feature (August 2012) on Frömling's MBA research into the double burden carried by staff who work projects on top of their line duties.
Upcoming on CSO Online: sovereign cloud strategy, non-human identities, and the containment paradox.