The BSI distributes the new international manual "Management of Cyber Risks" for company management. The Internet Security Alliance manual is intended to increase the resilience of companies through more cyber security knowledge in management.
Cyber attacks on companies are the order of the day, and the threat level is higher than ever. Company management must be aware of this and make cyber security an integral part of risk management. The internationally published manual "Management of Cyber Risks", which was developed by the Federal Office for Information Security (BSI) in cooperation with the Internet Security Alliance (ISA), is now receiving a far-reaching update. It is dedicated to a comprehensive corporate culture that takes cyber security into account at all times, thereby increasing the resilience of companies.
Updated edition for more resilience
Cyber security is a matter for the boss! Secure digitization succeeds when the company management develops a basic understanding of the risks in the area of information security. This is the only way for the board of directors or the supervisory board to make an informed assessment of the potential economic damage caused by cyber incidents and to decide on the validity of IT security strategies.
The “Cyber Risk Management” handbook is aimed at company management. It provides an overview and recommendations for dealing with and evaluating cyber risks. The handbook is based on the Cyber Risk Oversight Handbook developed by the US Internet Security Alliance (ISA) on behalf of the National Association of Corporate Directors (NACD). For the present, updated version, the manual was translated into German and adapted to German and European framework conditions in workshops and in close cooperation with experts from business, IT security research and the state.
Six Basic Principles & Toolbox
The handbook formulates six basic principles that support management and supervisory boards in considering cyber risks:
- Understand cyber security not only as an IT topic, but rather as a building block of company-wide risk management.
- Understand and closely examine the legal implications of cyber risks.
- Ensure access to cyber security expertise and regular exchange.
- Ensure the implementation of suitable framework conditions and resources for cyber risk management.
- Prepare risk analysis and formulate a definition of risk appetite depending on business goals and strategies.
- Encourage company-wide collaboration and sharing of best practices.
The manual is supplemented by a toolbox, which provides management with methods and questions about management, including resources from the BSI for the economy.
More at BSI.Bund.de
About the Federal Office for Information Security (BSI)
The Federal Office for Information Security (BSI) is the federal cyber security authority and the creator of secure digitization in Germany. The guiding principle: As the federal cyber security authority, the BSI designs information security in digitization through prevention, detection and reaction for the state, economy and society.