SME security: BSI defines CyberRiskCheck according to DIN


The BSI has specified security advice for small and medium-sized companies according to DIN SPEC 27076. The so-called CyberRisikoCheck gives non-specialist customers and SMEs the certainty that their cyber security really does meet standards.

More and more managers in small and medium-sized enterprises (SMEs) are realizing that they can no longer work without their IT systems and therefore need to protect them appropriately. Often, however, they neither know how good or bad their information security is, nor which paths it makes sense to take to increase the level of protection.

CyberRiskCheck – 27 requirements from six areas

Companies can be tested according to DIN SPEC 27076 (Image: BSI).

A new standard for IT security advice, which was developed by the Federal Office for Information Security (BSI) in cooperation with the Federal Association of Small and Medium-Sized Businesses (BVMW) and around 20 other partners, now provides a remedy. This makes it easier for SMEs in particular to get started with information security.

The CyberRisikoCheck according to DIN SPEC 27076 is used for IT security advice for small companies. The specification defines how the consultation is to be carried out and what content the consultation report must contain. An IT security service provider checks, in discussions with the respective company, whether a total of 27 requirements from six areas are fulfilled. For each of these requirements, it is also defined how it can be fulfilled and which government funding programs can be used to implement this recommendation. The BSI will provide qualified service providers with a web-based tool to carry out the CyberRiskCheck.

BSI provides a web-based tool for the check

The development of the DIN SPEC was financed by the Federal Ministry of Economics and Climate Protection (BMWK) as part of its “Mittelstand Digital” program. In addition to the BSI, which headed the consortium, and the BVMW, which took over the deputy leadership of the consortium, almost 20 other partners were involved, including the German Institute for Standardization (DIN), economic development agencies, a subsidiary of the General Association of the German Insurance Industry, IT baseline protection experts and auditors as well as experts on the subject of data protection and IT service providers.

Check is not a security certification

As a result, the company receives a report that contains, among other things, the score and a recommendation for action for each unfulfilled requirement. The recommendations for action are structured according to urgency and contain information on which state support measures (at federal, state and municipal level) the respective company can take advantage of. The CyberRiskCheck is not an IT security certification. However, it enables a company to determine its own IT security level and shows which concrete measures the company should implement itself or commission from an IT service provider.

More at BSI.Bund.de

 


About the Federal Office for Information Security (BSI)

The Federal Office for Information Security (BSI) is the federal cyber security authority and the creator of secure digitization in Germany. The guiding principle: As the federal cyber security authority, the BSI designs information security in digitization through prevention, detection and reaction for the state, economy and society.


 
