Event takeaway: 1. IT-Grundschutz-Tag 2021

My key takeaways

• Presentation of BSI-Standard 200-4 today, min 6 month RFC
• BSI since 30 years, IT-Grundschutz since 27 years
• Business continuity controls are often costly e.g. redundancy, ... so BCM strategy should match business needs
• Combining ISMS and BCM
  • ISMS: focussing of confidentiality, integrety and availability
  • BCM: availability highest priority
  • Combining the duty for BCM in the role of an ISO:
    • Advantage: synergies
    • Disadvantages: additional workload, so additional ressources required
• Managing crisis ad hoc is a daunting task, stressful and may waste precious time to react. Implementing a BCMS might reduce stress and response times.
• No BCMS will reflect all possible scenarios. This is no reason to not implement any BCM strategies, as it will at least cover the basics and the most probable risks.
• The renewed standard 200-4 will provide a step model to match as many organizations as possible
• Objective: increase the "Organizational resilience"

  Organizational Resilience is the organization’s ability to anticipate, respond and adapt to unexpected disruptions. (https://pecb.com/en/education-and-certification-for-individuals/iso-22316)

• The ISO 22301 is normative, describing the what now how. The BSI 200-4 complies with ISO 22301 but gives also more advice on how to implement. Addtional tools will be provided to support implementation.
• BSI 100-4 is compatible with 200-4; there will be a migration concept
• In RL a lot of companies used colloboration tools and messanger apps during COVID-19 for crisis communication
  • good results and additional features (live stream on site) now easy possible
  • great acceptance from the BCM users as a well known tool in daily usage
  • data protection and privacy concerns are second priority in crisis situations where protecting humans or survival of an organization is first priority

Env

• Provided by HiSolutions AG
• Presenter
  • Holger Schildt, BSI
  • Daniel Gilles, BSI
  • Cäcilia Jung, BSI
  • Marcel Lehmann, HiSolutions
  • Claudia Krüger, DZ Bank Gruppe
  • Thorsten Scheibel, DZ Bank Gruppe
  • Uwe Grams, HiSolutions
  • Sandro Amendola, BSI
  • Göran Thälker, Fiege Logistik
  • Jan Trulley, Fiege Logistik
  • Thomas Jager, Stadtwerke Saarbrücken
  • Jürgen Neuhuber, Zalando
• Moderator Stefan Nees, Hisolutions AG
• Slides:
  • Vom IT-Grundschutz zum BCMS - BSI - Bund.de
  • Vorstellung des modernisierten BSI-Standards 200-4 BCM
  • Vom IT-Grundschutz zur organisatorischen Resilienz
  • Operative Widerstandsfähigkeit - Impulsvortrag zu Anforderungen, Stand und Handlungsbedarf ; DZ Bank Gruppe
  • Cyber Incident Response Erfahrungsbericht
  • Krisenstabsübung remote – Lehren aus der Corona-Krise
  • Agilität & Resilienz - Krisenmanagement bei Zalando

additional links

• http://www.bsi.bund.de/gs-standard200-4
• recordings: