Cyber Risk: New BSI Standard for Business Continuity Management

Cyber risks are among the top dangers facing German companies, and they must be taken into account in particular in the context of emergency management. With its standards, the Federal Office for Information Security (BSI) supports, among other things, the establishment of emergency management in public authorities and companies, with the aim of ensuring the continuity of business operations. The previous BSI Standard 100-4 is now being renewed: with BSI Standard 200-4, a modernized version of the familiar standard is approaching the industry. We find out what is behind this in an interview with Daniel Gilles, Section SZ 13 – IT-Grundschutz at the Federal Office for Information Security.

The danger posed by cyber risks is constantly increasing. How is the insurance industry prepared against this?

From the BSI perspective, a holistic strategy is required to prepare institutions sustainably for dealing with cyber risks. Individual measures or time-limited projects can be an occasion or starting point, but considered alone are no longer sufficient to protect companies in the insurance industry against cyber risks.

In order to make institutions more resilient to cyber risks, two management systems are required that anchor the topics of information security and emergency management in companies. A management system for information security strengthens information security (i.e., primarily preventive), whereas an emergency management system ensures the ability to act in the event of a cyber incident (i.e., more reactive).

With IT-Grundschutz, the BSI has for 25 years been offering a standard work on cybersecurity for both management systems, which is method, instruction, recommendation, and standard in one. IT-Grundschutz can be used by all companies that want to protect their IT systems, data networks, and thus their business processes according to the state of the art in times of digitization. IT-Grundschutz is compatible with the established international standards (ISO 27001 for information security and ISO 22301 for BCM / emergency management) and also offers more specific implementation instructions and, for standardized use cases such as those found in numerous companies in the insurance industry, aids such as IT-Grundschutz Profiles.

Why is a new standard being developed or the current 100-4 being revised?

With a brief look at the history of the standard landscape in the area of BCM / emergency management, it can be stated that BSI Standard 100-4 was, in international comparison, a very early standard for general emergency management that is not limited to IT. It was published in 2008, four years before the internationally relevant ISO standard 22301. BSI Standard 100-4 is already compatible in its current form with ISO 22301 and remains the BSI recommendation until the publication of BSI Standard 200-4.

Nevertheless, in the course of time, the need for further user support has emerged, which we addressed in a first step with the implementation framework (UMRA). This offers detailed instructions for implementing the BSI Standard 100-4, a maturity model, and various tools and format templates.

In addition, the IT baseline protection standards for information security and the IT baseline protection compendium were fundamentally modernized in 2018, so that the time is now ripe for a modernized BSI standard 200-4 for BCM. This addresses the following points:

Integration of the practical implementation instructions and tools from the implementation framework into the standard itself.

Introduction of a step model so that entry is made easier for smaller institutions in particular, and at the same time, advanced institutions are given practical instructions for establishing a comprehensive BCM that is compatible with ISO 22301.

Elaboration of possible synergies to a possibly existing ISMS (especially according to IT-Grundschutz) or ITSCM, without, however, assuming such systems.

There is currently a movement in the ISO world, too, because the ISO standard 22301 is currently being revised there. The BSI takes this into account during the modernization so that a BCM, according to the BSI standard 200-4, will also be compatible with the new standard.

What do you expect from the standard, and what will the industry expect from the new standard?

The primary concern in modernizing the BSI standard 200-4 is to sustainably promote the resilience of companies and authorities in Germany by providing these institutions with a tailor-made and easily applicable tool.

The aim was not to reinvent BCM / emergency management but to make the “BSI Standard 200-4 Toolbox” even better applicable to institutions of all types, industries, and sizes.

For companies in the insurance industry that have an established BCM, not that much will change. The new 200-4 standard, like the 100-4 standard, will be compatible with the ISO 22301 standard and prepare companies for a corresponding ISO certification. For companies that have already established an emergency management system in accordance with BSI Standard 100-4, we provide instructions for migrating to the highest level of BSI Standard 200-4. The effort involved in the migration will be limited, as not much changes in the “what”, but rather the “how” is supplemented with practical instructions and other aids.

For users who are just starting out with BCM, we provide simplified entry levels with BSI Standard 200-4. On the one hand, this means that entry barriers can be broken down; on the other hand, a sufficient degree of responsiveness in emergencies and crises can be established as quickly as possible so that companies remain able to act.

Interested users from the insurance industry and beyond are cordially invited to register for the BSI’s BCM info group. This newsletter always provides you with the latest information on BSI standard 200-4 and all IT-Grundschutz activities relating to BCM. We are also happy to receive feedback via this channel and would like to stay in touch with the user community.
