
Guide Cyber Security Check PDF

52 Pages·2014·0.65 MB·English

Preview Guide Cyber Security Check

Guide Cyber Security Check

A Guide for the Implementation of Cyber Security Checks in Companies and Government Agencies

Table of Contents

Alliance for Cyber Security
Federal Office for Information Security
ISACA Germany Chapter e.V.
Cooperation BSI / ISACA
1 Introduction
2 Introduction to cyber security
2.1 What is cyber security?
2.2 Cyber attacks and Advanced Persistent Threats (APTs)
2.3 Effects of cyber crime on organisations and society
2.4 Cyber security strategy pursued by the Federal Government
3 Basic Principles of the Cyber Security Check
4 Implementation of a Cyber Security Check
4.1 Object to be assessed
4.2 Approach
4.2.1 Implementation quality / personal certificate
4.3 Assessment methods
4.4 Binding safeguard objectives
4.5 Assessment scheme
4.6 Preparing the assessment report
5 Glossary and Definition of Terms
6 References
7 Safeguard Objectives

Alliance for Cyber Security

The Alliance for Cyber Security, started at the CeBIT 2012 trade fair, is an initiative of the Federal Office for Information Security (BSI), which was founded in collaboration with the Federal Association for Information Technology, Telecommunications and New Media (BITKOM).

As an association of important players in the field of cyber security in Germany, the Alliance aims at increasing cyber security in Germany and strengthening the resistance of Germany against cyber attacks. The Alliance for Cyber Security supports the exchange of information and experiences between the different players from industry, administration and science and, based on this, is continuously expanding a substantial knowledge base.

Enterprises are encouraged to actively play a part in the Alliance for Cyber Security and to boost the exchange of experiences. By reporting to the BSI which new threats or IT security incidents the companies are confronted with, they contribute to the development of a complete overview of the situation and help to be able to act against cyber attacks in an even more purposeful manner. At the same time, the companies also benefit from jointly gained knowledge and experiences.

Federal Office for Information Security

With its headquarters in Bonn, the Federal Office for Information Security was founded on 1 January 1991 and is part of the Federal Ministry of the Interior. With currently around 600 employees and a total budget of 88 million euro, the BSI is an independent and neutral body dealing with matters of IT security in Germany's information society. In this respect, the services offered by the government agency are aimed both at the public administration of federal, state and local governments and at enterprises and citizens.

The BSI examines and assesses existing IT security risks and evaluates the effects of new developments. The BSI increasingly observes a large number of targeted and untargeted cyber attacks. Based on this, the BSI draws conclusions with respect to the improvement of IT security in Germany. The BSI develops for example, minimum standards and recommendations for action regarding IT and Internet security for different target groups in order to ensure that risks are prevented from arising in the future.

„Today, no industry and no company can consider themselves safe from cyber attacks. This is shown by the numerous incidents in the recent past.“
Dr. Hartmut Isselhorst, President of the Cyber Security Department, BSI

ISACA Germany Chapter e.V.

ISACA Germany Chapter e.V. is the German branch of the worldwide leading professional association of IT auditors, IT security managers and IT governance officers. The association was founded in 1986 and, with more than 2,300 members, is part of the international ISACA association, to which more than 100,000 experts in more than 180 countries worldwide belong.

The aim and purpose of the association is to promote the better understanding of the problems in the field of IT auditing, IT security and IT governance through discussions and the exchange of information between the members and interested parties and to inform all members and interested parties of these experiences through publications and seminars as well as to support and supplement the contacts between the members and interested parties through social events. In addition to this, the association is intended to contribute to the promotion of the job profile of IT auditors, IT security managers and IT governance officers.

„In the light of the current developments, it is more important than ever to be the master of one's own data. Only if organisations are able to protect their knowledge, will they maintain their competitive edge.“
Andreas Teuscher, Vice-President, ISACA Germany Chapter e.V.

Cooperation BSI / ISACA

This guide was jointly developed by ISACA Germany Chapter Working Group Information Security and BSI experts. By means of this active partner contribution, ISACA Germany Chapter e.V. documents that it supports the objectives pursued by the Alliance for Cyber Security with its good reputation, the resources available and the expert knowledge of its members.

1 Introduction

Today, most business processes depend on the reliable and proper functioning of information and communication technologies. Therefore, many rating agencies already evaluate information security as part of a company's operational risks. The actual threats as well as the amount of damage resulting from successful cyber attacks are not always obvious: For example, the consequences of a know-how theft might only be recognised at a much later point in time.

According to surveys, more than 70 percent of larger companies in Germany have already been affected by cyber attacks. In this context, the number, complexity and professionalism of the attacks are increasing. The opinion that is nevertheless still widespread in many companies „Well, nothing has happened so far“ might thus quickly result in serious problems if the existing security concepts are not adjusted continuously and adequately to the changed threat situation. Irrespective of this, the number of threats is growing continuously, which is also rapidly increasing the likelihood of a company or a government agency being affected by a cyber attack. Depending on the degree of dependency on IT, the business activities of an organisation can be brought to a complete halt – with all the consequences related to this. Thus, cyber security should be given top priority.

The threats from cyberspace are real. In order to respond to cyber attacks effectively, an intensive cooperation between the state, economy and associations is required. The challenge now is to pool the existing knowledge in order to be prepared when faced with new attack scenarios. For this reason, the Federal Office for Information Security and ISACA Germany Chapter e.V. decided to jointly develop a practical approach for the assessment of cyber security in companies and government agencies. The „Cyber Security Check“ helps to determine the cyber security status based on the cyber security exposure (see [ACS2]) and thus to respond to current threats from cyberspace effectively. The basis of each
