In practice IT-Security requires individual strategies and concepts. Academic a proper IT-Security Management framework based, for example, on international norms such as ISO/IEC 27000+. Evaluations and certifications of IT-systems are typically based on international norm ISO/IEC 15408. IT-security is much more effective if it is implemented in compliance with these standards.