October 6

Event takeaway: 4. BSI Grundschutztag

My key takeaways

  • 3. BSI Grundschutztag was canceled
  • ISMS = management in normal situations; BCM = management in crisis situations
  • There are no statistics available yet on how security impacts have changed after getting certified under BSI Grundschutz
  • BIA focuses primarily on availability, whereas risk analysis asks why a system might not be available
  • increasing combination of OT (operational technology) and IT (information technology) creates new threats
  • besides the CIA triad, OT has two additional targets:
    • reliability
    • authenticity
  • reliability and availability depend on each other but are also conflicting
    • reliability means that an OT component is permanently available
    • availability suffers if an OT component must be rebooted, e.g. to patch it for continued reliability
  • authenticity means that two components can communicate securely with each other
  • SUC: system under consideration
  • One single ISMS for OT and IT is recommended
  • The reporting of security incidents is less likely if an organization fears shame or the questioning of responsibility in the first place
    • a report should not blame, but help stop the problem, warn others and rebuild a secure state
  • The definition of a security incident is very individual, depending on the risk awareness of an organization
  • organizations that have to report breaches by law (BSIG) have a dedicated online portal


Tags

BSI IT-Grundschutz, IoT, OT

