Oliver R.

Your DORA - obligations based on what BafFin published: 1. Identification ICT risk, cyber threats and vulnerabilities 2. Establishment a comprehensive digital operational testing program 3. Gathering information on cyber threats and cyber-attacks for analysing their impact on digital operational resilience 4. ICT risk management 5. Cyber threat recording and classify them CrowdStrike can help and support you regarding DORA. https://lnkd.in/dSjKaiB4

21

1 Kommentar

An interesting story (with good insights from Sarah Fluchs) about car models (VW Up and T6.1 as well as three Porsche models) discontinued by their manufacturing because they could not meet the UNECE R 155 transitional regulation. Since the core of this is to "demonstrate that cyber security was adequately considered", the moral of the story is simple: whether it's apps, cars, IoT, AI models, etc., secure by design is a must. #securebydesign #security

8

Stronger together – alliances for cybersecurity 💪 🙏 As the economy and society become more interconnected, the attack surface for cyber attacks is growing. Defending modern attacks with traditional protective measures is becoming increasingly difficult. My appeal is that companies should form alliances to work together to build the most resilient infrastructure possible. Find out more about my proposal in the latest guest article in the Security-Insider. Lukas Winklmann, Benedikt Ernst, Karin Schönwetter, Bryan Sartin, Kris Lovejoy, Jimmy Nilsson, Mareike Tan, Katharina Ebner, Marcus Rolfes, Annette Fassnacht, Jochen Werner, Markus Lyschik

35

1 Kommentar

What on earth is happening to the SIEM market? For that matter, what’s happening to the security market of which SIEM has been such a substantial aspect? The first and most obvious answer we see in our data is that the challenge of responding to potential threats has become overwhelming. For many years, our Voice of the Enterprise surveys have been asking respondents to estimate, on average, how many security alerts they canNOT get to in a typical day. Last year, for the first time since we’ve been asking that question, more than half of our respondents told us that number exceeded 50%. IT at the center of the modern enterprise can spin up and scale with high elasticity in response to changing demand, throwing off data in unprecedented volumes. At the edge, the ability to detect and respond to threats must “four wheel” across a varied landscape that further complicates the challenge. Many approaches to threat detection still do not incorporate native telemetry gathered directly from points of observation. User interfaces and experiences must be adapted to specific use cases. These often mean that multiple techniques must be incorporated into an enterprise SOC. Many approaches to gathering and analyzing data on potential threats and turning it into insight that supports action are still predicated on a past well before many of these factors became reality. Seconds count, yet in too many cases, dwell or response times are still too often measured in days. Meanwhile, people have become a factor on two fronts: Attackers recognize that human interaction may be more exploitable than technology - while developing and retaining skills in the SOC introduces difficulties of its own. The impact of the challenge to legacy SIEM is now being reflected in substantial market realignments and changing approaches to security architecture – changes which we wrote about in detail in a December 2023 report. (Subscribers can access that report here: https://lnkd.in/dZUgtszT ) Those who see the opportunity for a platform approach are consolidating their bets. But that doesn’t necessarily mean they’re winning. Enterprises tell us that they are very concerned about lock-in by a single provider, not least by the escalating costs of what becomes a commitment difficult to shift away from – but migration to newer approaches may bring costs and complexities of their own. And even when providers do win substantial share, some such as Microsoft are being taken to task by the public sector on the security of their estate overall – emblematic of the challenge that faces us all. Security has quite simply gone beyond a human-scale problem. That doesn’t mean that the current – or even the next – generation of technology will solve it. But it does mean that threat detection and response will have to rise to the occasion – in ways that organizations can actually afford. That future may little resemble the landscape of today.

95

47 Kommentare

Shaping the cybernation- we had the honor to discuss actions against cybercrime ( 200 billion euro damage per year for the German economy) with Claudia Plattner, president of the Bundesamt für Sicherheit in der Informationstechnik (BSI) (Federal Office for Information Security). We need large scale and synchronized actions to mitigate the risk. Thanks to Norbert Pohlmann Lars Steffen Emma Wehrwein and Hauke Timmermann for sharing insights around networks, artificial intelligence, digital identities, e-Mail security, digital ecosystems and many more topics. Stay tuned for more information on the journey for a resilient cybernation! eco - Verband der Internetwirtschaft e.V. #cybernation #resilience #safeinternet

77

1 Kommentar

The brandnew #ThreatRadar 2024 is out now! Situation report on #cybercrime. Swisscom's new Cyber ​​Security Threat Radar shows the attack methods and actions of cyber criminals in Switzerland. #cybersecurity

33

Advanced authentication measures play a key role in addressing the weakest link in cybersecurity: the user. 2-factor authentication is definitely a good place to start. Nevertheless, many companies are not yet ready, or lack the necessary level of authentication to adequately protect company data.

2

🇨🇭🆔 Just published: Swiss E-ID & Trust Infrastructure — Technical Roadmap (WIP) The Swiss E-ID Program is currently following an approach that strives to offer strong privacy-preserving capabilities as well as laying the foundation for interoperability with the European Union and others. The Confederation has not made its final decision on the technology used for the issuance of the E-ID itself yet — this will presumably be taken by the end of 2024 and allow for more time to assess in particular the financial impact in more detail. Nonetheless, the E-ID Program strives to provide a transparent insight into the current working hypothesis for the underlying trust infrastructure. The FDJP currently aims to provide a multi-stack architecture that supports multiple standards and enables business cases to decide what capability or format should be prioritized for their use case. GitHub: Swiss E-ID & Trust Infrastructure — Technical Roadmap (WIP) https://lnkd.in/epGXVqJk

71

7 Kommentare

🎉 Celebrating an Achievement: ISO 27001 Lead Auditor Certified! 🎉 From TÜV Rheinland Group. - TÜV Rheinland’s headquarters is located in Cologne, Germany  - TÜV Rheinland is a globally recognized certification body that provides ISO 27001 certification services. The ISO 27001 Lead Auditor learning has equipped me with essential knowledge and skills related to information security management systems (ISMS) implementation requirements and audits. Here are the key learnings and domains covered: 1. Fundamental Principles and Concepts of ISMS: - Understanding the basics of ISO 27001 and its relationship with other standards and frameworks. -The roles and responsibilities of a Lead Auditor. 2. Information Security Management System (ISMS): - Diving into ISMS components, risk assessment methodologies, and security controls. - Exploring how ISO 27001 aligns with organizational goals. 3. Audit Concepts and Principles: - Learning fundamental audit principles, including planning, execution, and reporting. - Familiarizing with ISO 19011 audit guidelines. 4. Preparation of an ISO 27001 Audit: -Preparing audit plans, checklists, and resources. - Understanding the context and scope of the audit. 5. Conducting an ISO 27001 Audit: -Executing the audit process, assessing controls, and identifying the gaps. -Interacting with auditees effectively. 🔍 Benefits of ISO 27001 Lead Auditor Certification: 1. Customer Trust: Demonstrate commitment to information security, building trust with clients and stakeholders. 2. Audit Preparedness: Equip yourself to plan, conduct, and report on robust Information Security Management System (ISMS) audits. 3. Risk Mitigation: Minimize data breaches, leaks, and cyber threats through effective controls. 4. Regulatory Compliance: Stay ahead of security regulations and legal requirements. 5. Team Leadership: Lead ISMS audit teams, ensuring security improvements. #ISO27001 #ISO27001LA #LeadAuditor #CyberSecurity #InformationSecurityManagementSystems #RiskMitigation #RegulatoryCompliance #CustomersTrust #TuvRheinland

85

26 Kommentare

𝗬𝗼𝘂𝗿 𝗜𝗦𝗢𝟮𝟳𝟬𝟬𝟭 𝗝𝗼𝘂𝗿𝗻𝗲𝘆 - 🅿🅰🆁🆃 2: 𝗨𝗻𝗱𝗲𝗿𝘀𝘁𝗮𝗻𝗱𝗶𝗻𝗴 𝗬𝗼𝘂𝗿 𝗜𝗦𝗠𝗦 𝗦𝗰𝗼𝗽𝗲 In the second part of our ISO27001 journey, we delve into the critical task of defining the scope of your Information Security Management System (ISMS). Understanding and establishing the scope is essential for a successful ISO/IEC 27001:2022 implementation, ensuring that all relevant aspects of your organization are covered and adequately protected. 𝗪𝗵𝗮𝘁 𝗶𝘀 𝘁𝗵𝗲 𝗜𝗦𝗠𝗦 𝗦𝗰𝗼𝗽𝗲? The scope of your ISMS defines the boundaries and applicability of the system within your organization. It outlines which parts of the organization will be included in the ISMS, considering both internal and external factors that influence information security. This is crucial for ensuring comprehensive protection of sensitive information and aligning with ISO/IEC 27001 requirements. 𝗞𝗲𝘆 𝗖𝗼𝗻𝘀𝗶𝗱𝗲𝗿𝗮𝘁𝗶𝗼𝗻𝘀 𝗳𝗼𝗿 𝗗𝗲𝗳𝗶𝗻𝗶𝗻𝗴 𝗬𝗼𝘂𝗿 𝗜𝗦𝗠𝗦 𝗦𝗰𝗼𝗽𝗲 𝟭. 𝗖𝗼𝗻𝘁𝗲𝘅𝘁 𝗼𝗳 𝘁𝗵𝗲 𝗢𝗿𝗴𝗮𝗻𝗶𝘇𝗮𝘁𝗶𝗼𝗻: • Understand the context in which your organization operates, including the internal and external issues that could impact information security. Clause 4 of ISO/IEC 27001:2022 provides detailed guidance on this aspect. • Consider legal, regulatory, and contractual requirements, as well as stakeholder expectations. 𝟮. 𝗔𝘀𝘀𝗲𝘀𝘀𝗺𝗲𝗻𝘁 𝗮𝗻𝗱 𝗧𝗿𝗲𝗮𝘁𝗺𝗲𝗻𝘁 𝗼𝗳 𝗥𝗶����𝗸𝘀: • The scope should cover areas where information security risks are identified and need to be managed. Tailor the risk assessment and treatment processes to the specific needs of the organization. 𝟯. 𝗘𝘅𝗰𝗹𝘂𝘀𝗶𝗼𝗻𝘀 𝗮𝗻𝗱 𝗝𝘂𝘀𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀: • The standard specifies that exclusions of any requirements from clauses 4 to 10 are not permissible within the scope clause itself. However, exclusions of specific Annex A controls can be justified during the risk treatment process (clause 6.1.3). 𝟰. 𝗢𝗽𝗲𝗿𝗮𝘁𝗶𝗼𝗻𝗮𝗹 𝗕𝗼𝘂𝗻𝗱𝗮𝗿𝗶𝗲𝘀: • Define the physical and logical boundaries of your ISMS. This includes locations, systems, processes, and organizational units that handle or process information. 𝟱. 𝗦𝘁𝗮𝗸𝗲𝗵𝗼𝗹𝗱𝗲𝗿 𝗖𝗼𝗺𝗺𝘂𝗻𝗶𝗰𝗮𝘁𝗶𝗼𝗻: • Ensure clear communication of the scope to all relevant stakeholders within the organization. This transparency helps in aligning everyone’s efforts towards maintaining information security. 💡 🅽🅴🆇🆃 ~ Part 3: Risk Assessment and Treatment

30

⚠️ #DataManipulation: An Underestimated #Risk and #Cyberrisk with Real Consequences ➡️ A recent #20min #newspaper article highlights how effortlessly data can be manipulated. https://lnkd.in/eA5ivgAg Imagine someone altering online comments to contain criminal content. Suddenly, you find yourself targeted by authorities, accused of making these statements. 🔐 The challenge: How to assure #DigitalTrust ? Are media companies aware that the so underestimated comment function of their articles can have a legal impact on their users? 👎👍 The result? Legal proceedings and, in the worst case, a conviction for something you never did.

10

2 Kommentare

Do you know what a deepfake is? Are you able to identify a deepfake on social media? Find out more in SECURNITE GmbH's 𝗳𝗿𝗲𝗲 𝗰𝗼𝘂𝗿𝘀𝗲, “Deepfake AI in Security”. The course covers the topic of deepfakes and includes: ✅ What they are. ✅ How they are created. ✅ How to defend against them. Click here to register for the course free of charge: https://lnkd.in/eWGvBc34 #cybersecurityacademy #cybersecurityeducation #cybersecuritytraining  #cybersecurity

7

2 Kommentare

🛫 Right now, I am on my way to visit RSA Conference in San Francisco!    My colleagues Andreas Baresel, Janek Maiwald and I are looking forward to meeting important partners and working out further collaborations at #rsac24.   We are excited about the news and innovations at #RSA regarding #cybersecurity! We look forward to sharing more thrilling information with you after the conference 😉   👉 PM or mail me if you want to meet us there! #DATAGROUP #rsac24 #CyberSecurity #moretocome #itsthatsimple

47

3 Kommentare

Looking forward to this session. Cybersecurity posture is a business decision.

20

1 Kommentar

Are you lost with regards to the Cybersecurity Legislation happening in Europe, do you want to know how it affects your product or services? I have good news Eurosmart has created a handy guide to up-and-coming regulation. Don't know your CRA from you're NIS 2.0, it is all here in some nice bite-sized chapters without all the confusing jargon, it also contains timelines, plus it is free! https://lnkd.in/ekTgUhPq #cybersecurity #cybersecurityregulation #iot #euregulation #cra #security

51

Greetings from the #AbasRoadshow 2024, where Christoph Holz made a first impression with his keynote speech on cyber security. Thank you! Two things struck me in particular: CEO hacking doesn't work if the corporate culture ensures that I can call (speaking personally) my manager and that a culture of error is a lived truth, i.e. that a relationship of trust exists in real life. This is a task of your organisation! Security belongs in the hands of professionals! With the #AbasCloudEdition at Forterro we have a solution for this. #Forterro #driveforward

27

#RESPONSIBLEAI GERMANY: I am delighted that my article "Financial organisations on the road to the ethical use of artificial intelligence" has appeared in the German publication All About Security. The German-language article is below--worth popping into Google Translate, if you are interested!

12