October 6

Event takeaway: 4. BSI Grundschutztag


My key takeaways

  • 3. BSI Grundschutztag was canceled
  • ISMS = management in normal situations; BCM = management in crisis situations
  • No statistics are available yet on how security impacts have changed after getting certified by BSI Grundschutz
  • BIA focuses primarily on availability, whereas risk analysis asks why a system might not be available
  • the increasing combination of OT (operational technology) and IT (information technology) creates new threats
  • besides the CIA triad, OT has two additional targets:
    • reliability
    • authenticity
  • reliability and availability depend on each other but are also conflicting
    • reliability means that an OT component is permanently available
    • availability is hurt if an OT component must be rebooted, e.g. to patch it for continued reliability
  • authenticity means that two components can communicate securely with each other
  • SUC: system under consideration
  • One single ISMS for OT and IT is recommended
  • Security incidents are less likely to be reported if an organization fears shame or the questioning of responsibility in the first place
    • a report should not blame, but help stop the problem, warn others and rebuild a secure state
  • The definition of a security incident is very individual, depending on the risk awareness of an organization
  • organizations that have to report breaches by law (BSIG) have a dedicated online portal


Tags

BSI IT-Grundschutz, IoT, OT

