January 19

Event takeaway: 1. IT-Grundschutz-Tag 2021


My key takeaways

  • BSI-Standard 200-4 was presented today; minimum 6-month RFC period
  • The BSI has existed for 30 years, IT-Grundschutz for 27 years
  • Business continuity controls are often costly (e.g. redundancy, …), so the BCM strategy should match business needs
  • Combining ISMS and BCM
    • ISMS: focuses on confidentiality, integrity and availability
    • BCM: availability has the highest priority
    • Combining the BCM duty with the role of an ISO:
      • Advantage: synergies
      • Disadvantage: additional workload, so additional resources are required
  • Managing a crisis ad hoc is a daunting, stressful task and may waste precious reaction time. Implementing a BCMS might reduce stress and response times.
  • No BCMS will reflect all possible scenarios. This is no reason to not implement any BCM strategies, as it will at least cover the basics and the most probable risks.
  • The renewed standard 200-4 will provide a step model to match as many organizations as possible
  • Objective: increase the "Organizational resilience"

    Organizational Resilience is the organization’s ability to anticipate, respond and adapt to unexpected disruptions. (https://pecb.com/en/education-and-certification-for-individuals/iso-22316)

  • ISO 22301 is normative, describing the what, not the how. BSI 200-4 complies with ISO 22301 but also gives more advice on how to implement it. Additional tools will be provided to support implementation.
  • BSI 100-4 is compatible with 200-4; there will be a migration concept
  • In real life, a lot of companies used collaboration tools and messenger apps during COVID-19 for crisis communication
    • good results, and additional features (live stream on site) are now easily possible
    • great acceptance from the BCM users, as it is a well-known tool in daily use
    • data protection and privacy concerns are second priority in crisis situations where protecting humans or survival of an organization is first priority

