January 19

Event takeaway: 1. IT-Grundschutz-Tag 2021


My key takeaways

  • Presentation of BSI-Standard 200-4 today; the RFC (comment phase) will run for at least 6 months
  • BSI has existed for 30 years, IT-Grundschutz for 27 years
  • Business continuity controls are often costly (e.g. redundancy), so the BCM strategy should match the business needs
  • Combining ISMS and BCM
    • ISMS: focusing on confidentiality, integrity and availability
    • BCM: availability has the highest priority
    • Combining the duties of BCM with the role of an ISO:
      • Advantage: synergies
      • Disadvantage: additional workload, so additional resources are required
  • Managing a crisis ad hoc is a daunting task, stressful, and may waste precious reaction time. Implementing a BCMS might reduce stress and response times.
  • No BCMS will reflect all possible scenarios. This is no reason not to implement any BCM strategy, as it will at least cover the basics and the most probable risks.
  • The renewed standard 200-4 will provide a step model to match as many organizations as possible
  • Objective: increase the "Organizational Resilience"
    Organizational Resilience is the organization's ability to anticipate, respond and adapt to unexpected disruptions. (https://pecb.com/en/education-and-certification-for-individuals/iso-22316)
  • ISO 22301 is normative, describing the what, not the how. BSI 200-4 complies with ISO 22301 but also gives more advice on how to implement it. Additional tools will be provided to support the implementation.
  • BSI 100-4 is compatible with 200-4; there will be a migration concept
  • In real life, a lot of companies used collaboration tools and messenger apps during COVID-19 for crisis communication
    • good results, and additional features (e.g. live stream on site) are now easily possible
    • great acceptance from the BCM users, as it is a well-known tool in daily use
    • data protection and privacy concerns are second priority in crisis situations, where protecting humans or the survival of the organization is the first priority

Tags

BSI IT-Grundschutz, conference, event
