IT security: BSI manual for company management

The German Federal Office for Information Security has published a new handbook aimed specifically at management. The aim is to increase the resilience of companies by increasing cyber security knowledge at management level.

Secure digitization can only succeed if management develops a basic understanding of information security risks. Cyber security is thus a matter for the boss.

The new manual “Management of Cyber Risks” published by the German Federal Office for Information Security (BSI) is therefore aimed directly at company management. It provides an overview as well as recommendations for action on how to deal with and assess cyber risks.

The handbook was based on the “Cyber Risk Oversight Handbook” developed by the US Internet Security Alliance (ISA) on behalf of the National Association of Corporate Directors (NACD). In workshops and in close cooperation with experts from business, IT security research and government, the handbook was translated into German and adapted to German and European conditions.

Six basic principles are formulated to support management boards and supervisory boards in their consideration of cyber risks:

  1. Understand cyber security not only as an IT issue, but as a building block of enterprise-wide risk management.
  2. Understand and closely examine legal implications of cyber risks.
  3. Ensure access to cyber security expertise as well as regular exchange.
  4. Ensure implementation of appropriate frameworks as well as resources for cyber risk management.
  5. Prepare risk analysis as well as formulate definition of risk appetite depending on business objectives and strategies.
  6. Promote enterprise-wide collaboration and sharing of best practices.

The “Management of Cyber Risks” handbook, the supplementary toolkit for cyber risk management, and a one-pager intended to serve as a thought-provoking guide are available for download from the BSI’s website in German and English. Learn more.

Source & photo credit: BSI