The German Federal Office for Information Security (BSI) has been offering information and assistance on all aspects of IT security for many years. The BSI's IT-Grundschutz has become the most comprehensive standard work on IT security. Numerous companies and public bodies use it as the basis on which to build their own catalogues of measures. In line with developments in information technology, the IT-Grundschutz has become more complex and wider-ranging. Small and medium-sized organisations with limited financial and personnel resources therefore especially need an introduction to the subject that is easy and fast to implement.
These guidelines are intended to satisfy this need by providing a compact overview of the most important IT security measures that is intelligible to the non-expert. The focus is on organisational safeguards and on illustrating threats through practical examples. Technical details have deliberately been left out.
In short, anyone who consistently implements the recommendations made in these guidelines, or who uses them to draw up service contracts with IT service providers, is already laying a solid foundation for a sound level of IT security.
Source: BSI
Overview of BSI security standards and brochures:
BSI-Standards
The BSI Standards contain recommendations by the Federal Office for Information Security (BSI) on methods, processes, procedures, approaches and measures relating to information security. In them the BSI addresses issues that are of fundamental importance for information security in public authorities and companies and for which appropriate, practical, national or international approaches have been established.
On the one hand, BSI Standards provide technical support to users of information technology. Public agencies and companies can take the BSI recommendations and adapt them to their own needs. This facilitates the secure use of information technology, since trusted methods, processes or procedures are applied. Manufacturers of information technology and service providers can also draw on the BSI recommendations to make their products more secure.
On the other hand, BSI Standards serve as a common reference for co-operation between organisations. Because BSI Standards can be quoted, they help to establish uniform specialist terminology.
BSI-Standard 100-1: Information Security Management Systems (ISMS)
BSI Standard 100-1 defines the general requirements for an ISMS. It is fully compatible with ISO Standard 27001 and also takes the recommendations of ISO Standards 13335 and 17799 into consideration. It provides readers with easily understood and systematic instructions, regardless of which methods they wish to use to implement the requirements.
The BSI presents the content of these ISO Standards in its own BSI Standard in order to describe some issues in greater detail and thereby allow a more didactic presentation. In addition, the structure was arranged to be compatible with the IT-Grundschutz approach. The common headings in the two documents make orientation easier for the reader.
BSI-Standard 100-2: IT-Grundschutz (Basic Security) Methodology
The IT-Grundschutz (Basic Security) Methodology describes step by step how IT security management can be set up and operated in practice. The tasks of IT security management and the setting up of an IT security organisation are important subjects in this context. The IT-Grundschutz Methodology provides a detailed description of how to produce a practical IT security concept, how to select appropriate IT security measures and what matters when implementing the IT security concept. It also answers the question of how to maintain and improve IT security in ongoing operation.
Thus, IT-Grundschutz interprets the very general requirements of the ISO Standards 13335, 17799 and 27001 mentioned above and helps users to implement them in practice with many notes, background information and examples. The IT-Grundschutz Catalogues not only explain what has to be done, they also give very specific guidance on what the implementation (even at a technical level) may look like. The IT-Grundschutz approach is therefore a proven and efficient way to meet all the requirements of the ISO Standards mentioned above.
BSI-Standard 100-3: Risk Analysis based on IT-Grundschutz (Basic Security)
The IT-Grundschutz Catalogues of the BSI contain standard security measures for the organisational, personnel, infrastructure and technical areas that are generally appropriate for normal protection requirements and for protecting typical IT environments. Many users who are already working successfully with IT-Grundschutz are confronted with the question of how to deal with areas whose protection requirements clearly exceed the normal level. It is important that the methodology for these cases does not produce a great deal of additional effort and expense, and that it reuses as many elements of IT-Grundschutz as possible.
To cover these cases, the BSI has worked out a method of risk analysis that is based on IT-Grundschutz. This approach can be used when companies or public authorities are already working successfully with the IT-Grundschutz Manual and would like to add a supplementary security analysis to the IT-Grundschutz analysis as seamlessly as possible. There may be different reasons for this:
- the protection requirements of the company or public authority exceed the normal level (high or very high protection requirements),
- the institution operates important components that are not (yet) covered in the IT-Grundschutz Catalogues of the BSI,
- the target objects are operated in application scenarios that are not provided for within the framework of IT-Grundschutz.
This approach is aimed both at users of information technology (those responsible for IT security) and at consultants and experts. However, it is usually advisable to draw on professional expertise when conducting risk analyses.
Current news
- Implementation of data protection on the Internet: the search engine Ixquick is in compliance with European data protection law...
- The Federal Commissioner for Data Protection and Freedom of Information calls for even more transparency...
- The EU member states have to transpose "Euro-SOX" into their respective national law, or have already done so. European companies still face an acute...
- IT departments can use the EU directives on statutory audits and corporate reporting to improve their IT governance...
- Companies only recognise the risks of IT outsourcing after the fact: the range of risks extends from data theft to copyright questions...
- As a provider of a hosted web-filtering solution, ScanSafe analyses more than 7 billion web requests per month. Its security experts now contribute an outlook on the threats for 2008...
- Federal Data Protection Commissioner Peter Schaar regards the option of keeping health records on the Internet as risky...
- A guide published by the International Organization for Standardization (ISO) is intended to help companies in the ongoing fight against security threats...
- Security vulnerability affects the combination of WebLogic and Apache...
- Saarland's Interior Minister Klaus Meiser is working on an amendment to the police law that is to include a power for covert online searches. In doing so...