Measure: NetworkSeparation


Secure installation and operation of different network security zones. Thus unauthorized entries into sensitive networks can be complicated. The aim is to ensure the integrity, authenticity and confidentiality of all data in the network.


This measure is dealing with the IT networks. The complete network setup, structure, changes or similar must be documented in detail. The network must be separated into different security zones (e.g. internal network, demilitarized zone [DMZ], external connections [including untrustworthy networks like the internet]). Different security zones should also be physically separated. Firewalls must separate the security zones. Clients and server must be located in different segments of the network. Sensitive information must be transferred by using state-of-the-art secure protocols.

Event type

Risk reduction mechanism

Action characteristics

event_ measures