My key takeaways
- 3.BSI Grundschutztag was canceled
- ISMS = management in normal situations; BCM = management in crisis situations
- There is no statistic available yet on how security impacts have changed after getting certified by BSI Grundschutz
- BIA focuses primarily on availability, whereas risk analysis asks why a system might not be available
- The increasing combination of OT (operational technology) and IT (information technology) creates new threats
- Besides the CIA triad, OT has two additional targets:
  - reliability
  - authenticity
  - reliability and availability depend on each other but are also conflicting
    - reliability means that an OT component is permanently available
    - availability is hurt if an OT component must be rebooted, e.g. to patch it for continuous reliability
  - authenticity means that two components can communicate securely with each other
- SUC: system under consideration
- One single ISMS for OT and IT is recommended
- The reporting of security incidents is less likely if an organization fears shame or the questioning of responsibility in the first place
- A report should not blame, but help stop the problem, warn others and rebuild a secure state
- The definition of a security incident is very individual, depending on the risk awareness of an organization
- Organizations that have to report breaches by law (BSIG) have a dedicated online portal
  - but every company can also report an incident online
  - all reports are handled as confidential
Env
- Provided by TÜV Informationstechnik GmbH
- Provided by Bundesamt für Sicherheit in der Informationstechnik
- Presenter: