This document outlines a methodology for conducting a risk analysis to supplement an existing IT-Grundschutz security concept. It describes preliminary work that must be completed before conducting the risk analysis, such as defining the information domain scope, performing a structure analysis, assessing protection requirements, and modeling target objects. The risk analysis process involves preparing a threat summary, determining additional threats, assessing threats, handling risks, and consolidating the security concept.
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTScsandit
Several constraints, such as business, financial, and legal can lead organizations to outsource some of their IT services. Consequently, this might introduce different security risks to major security services such as confidentiality, integrity and availability. Analysing and managing the potential security risks in the early stages of project execution allows organizations to avoid or minimize such security risks. In this paper, we propose an approach that is capable of managing the security and compliance risks of outsourced IT projects. Such an approach aims to allow organizations to minimize, mitigate, or eliminate security risks in the early stages of project execution. It is designed to manage variation in security requirements, as well as provide a methodology to guide organizations for the purpose of security management and implementation
Five principles for improving your cyber securityWGroup
Corporate assets have been shifting from physical assets to virtual assets over the past 20 years. This trend has been accompanied by a corresponding increase in the vulnerability of intangible assets, leading to a greater general awareness of corporate cyber security risks. The alteration or destruction of a company’s data can result in harm to reputation, loss of public confidence, disruption to infrastructure, and legal sanctions. The security risk can adversely impact a company’s stock price and competitive position in the marketplace. In this document, WGroup cites 5 principles that will help improve a business's cyber security. The 5 principles are risk identification, risk management, legal implications, technical expertise, and expectations.
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTScsandit
Several constraints, such as business, financial, and legal can lead organizations to outsource some of their IT services. Consequently, this might introduce different security risks to major security services such as confidentiality, integrity and availability. Analysing and managing the potential security risks in the early stages of project execution allows organizations to avoid or minimize such security risks. In this paper, we propose an approach that is capable of managing the security and compliance risks of outsourced IT projects. Such an approach aims to allow organizations to minimize, mitigate, or eliminate security risks in the early stages of project execution. It is designed to manage variation in security requirements, as well as provide a methodology to guide organizations for the purpose of security management and implementation
Five principles for improving your cyber securityWGroup
Corporate assets have been shifting from physical assets to virtual assets over the past 20 years. This trend has been accompanied by a corresponding increase in the vulnerability of intangible assets, leading to a greater general awareness of corporate cyber security risks. The alteration or destruction of a company’s data can result in harm to reputation, loss of public confidence, disruption to infrastructure, and legal sanctions. The security risk can adversely impact a company’s stock price and competitive position in the marketplace. In this document, WGroup cites 5 principles that will help improve a business's cyber security. The 5 principles are risk identification, risk management, legal implications, technical expertise, and expectations.
This publication covers two important aspects of information security governance: determining the security strategy approach and the strategy development process.
IT Architecture’s Role In Solving Technical Debt.pdfAlan McSweeney
Technical debt is an overworked term without an effective and common agreed understanding of what exactly it is, what causes it, what are its consequences, how to assess it and what to do about it.
Technical debt is the sum of additional direct and indirect implementation and operational costs incurred and risks and vulnerabilities created because of sub-optimal solution design and delivery decisions.
Technical debt is the sum of all the consequences of all the circumventions, budget reduction, time pressure, lack of knowledge, manual workarounds, short-cuts, avoidance, poor design and delivery quality and decisions to remove elements from solution scope and failure to provide foundational and backbone solution infrastructure.
Technical debt leads to a negative feedback cycle with short solution lifespan, earlier solution replacement and short-term tactical remedial actions.
All the disciplines within IT architecture have a role to play in promoting an understanding of and in the identification of how to resolve technical debt. IT architecture can provide the leadership in both remediating existing technical debt and preventing future debt.
Failing to take a complete view of the technical debt within the organisation means problems and risks remained unrecognised and unaddressed. The real scope of the problem is substantially underestimated. Technical debt is always much more than poorly written software.
Technical debt can introduce security risks and vulnerabilities into the organisation’s solution landscape. Failure to address technical debt leaves exploitable security risks and vulnerabilities in place.
Shadow IT or ghost IT is a largely unrecognised source of technical debt including security risks and vulnerabilities. Shadow IT is the consequence of a set of reactions by business functions to an actual or perceived inability or unwillingness of the IT function to respond to business needs for IT solutions. Shadow IT is frequently needed to make up for gaps in core business solutions, supplementing incomplete solutions and providing omitted functionality.
Understand and apply concepts of confidentiality, integrity and availability, Apply security governance principles,
Understand legal and regulatory issues that pertain to information security in a global context, Develop and implement documented security policy, standards, procedures, and guidelines, Understand business continuity requirements
Contribute to personnel security policies, Understand and apply risk management concepts, Understand and apply threat modeling, Integrate security risk considerations into acquisition strategy and practice, Establish and manage information security education, training, and awareness
Building a Product Security Practice in a DevOps WorldArun Prabhakar
This is a whitepaper on Product Security that largely focusses on building key security capabilities for products that are developed using DevOps methodology. It also consists of an effort to set up and accomplish the governance of Product Security in the DevOps world.
Attacks on the enterprise are getting increasingly sophisticated. Current solutions available do not seem to be adequate given the innovativeness, precision and persistence of these attacks in different forms and of different dimensions. Organisations thus want to increase the sophistication of their employees and also of the solutions to be deployed given this backdrop.
This white paper endeavors to compare the traditional Threat identification techniques and the challenges they pose as they are applied into current product designs. It also proposes the key elements to consider while designing new threat identification solutions.
Enterprise Architecture and Information SecurityJohn Macasio
A thinking tool to ask and describe the alignment requirements of business, information, technology and security to improve and secure the management of process, data, application and infrastructure of performance.
This publication covers two important aspects of information security governance: determining the security strategy approach and the strategy development process.
IT Architecture’s Role In Solving Technical Debt.pdfAlan McSweeney
Technical debt is an overworked term without an effective and common agreed understanding of what exactly it is, what causes it, what are its consequences, how to assess it and what to do about it.
Technical debt is the sum of additional direct and indirect implementation and operational costs incurred and risks and vulnerabilities created because of sub-optimal solution design and delivery decisions.
Technical debt is the sum of all the consequences of all the circumventions, budget reduction, time pressure, lack of knowledge, manual workarounds, short-cuts, avoidance, poor design and delivery quality and decisions to remove elements from solution scope and failure to provide foundational and backbone solution infrastructure.
Technical debt leads to a negative feedback cycle with short solution lifespan, earlier solution replacement and short-term tactical remedial actions.
All the disciplines within IT architecture have a role to play in promoting an understanding of and in the identification of how to resolve technical debt. IT architecture can provide the leadership in both remediating existing technical debt and preventing future debt.
Failing to take a complete view of the technical debt within the organisation means problems and risks remained unrecognised and unaddressed. The real scope of the problem is substantially underestimated. Technical debt is always much more than poorly written software.
Technical debt can introduce security risks and vulnerabilities into the organisation’s solution landscape. Failure to address technical debt leaves exploitable security risks and vulnerabilities in place.
Shadow IT or ghost IT is a largely unrecognised source of technical debt including security risks and vulnerabilities. Shadow IT is the consequence of a set of reactions by business functions to an actual or perceived inability or unwillingness of the IT function to respond to business needs for IT solutions. Shadow IT is frequently needed to make up for gaps in core business solutions, supplementing incomplete solutions and providing omitted functionality.
Understand and apply concepts of confidentiality, integrity and availability, Apply security governance principles,
Understand legal and regulatory issues that pertain to information security in a global context, Develop and implement documented security policy, standards, procedures, and guidelines, Understand business continuity requirements
Contribute to personnel security policies, Understand and apply risk management concepts, Understand and apply threat modeling, Integrate security risk considerations into acquisition strategy and practice, Establish and manage information security education, training, and awareness
Building a Product Security Practice in a DevOps WorldArun Prabhakar
This is a whitepaper on Product Security that largely focusses on building key security capabilities for products that are developed using DevOps methodology. It also consists of an effort to set up and accomplish the governance of Product Security in the DevOps world.
Attacks on the enterprise are getting increasingly sophisticated. Current solutions available do not seem to be adequate given the innovativeness, precision and persistence of these attacks in different forms and of different dimensions. Organisations thus want to increase the sophistication of their employees and also of the solutions to be deployed given this backdrop.
This white paper endeavors to compare the traditional Threat identification techniques and the challenges they pose as they are applied into current product designs. It also proposes the key elements to consider while designing new threat identification solutions.
Enterprise Architecture and Information SecurityJohn Macasio
A thinking tool to ask and describe the alignment requirements of business, information, technology and security to improve and secure the management of process, data, application and infrastructure of performance.
The Mental Health Network represents providers from across the statutory and non-statutory sectors.
The network works with government, regulators, opinion formers, media and the wider NHS to promote excellence in mental health services, and the importance of good mental health.
You can find out more about the NHS Confederation Mental Health Network at www.nhsconfed.org/mhn
Getting stressed by work, family or friends? Dealing with big issues? Share what's troubling you anonymously - join the Big White Wall network at www.bigwhitewall.com
Assurance Principal Jennifer Goodman presented "What Was the FASB Thinking?," a discussion and examples of unusual accounting rules, at the 2013 Decosimo Accounting Forum hosted by the University of North Alabama on July 19.
ENABLING PROTECTION AGAINST DATA EXFILTRATION BY IMPLEMENTING ISO 27001:2022 ...IJCI JOURNAL
The risk of data theft has increased significantly over the past years. As a consequence, overwhelming damage is caused to institutions and private persons, respectively. Even the widespread ISO standard 27001 was updated recently in October 2022 to integrate data exfiltration aspects. Corresponding new security controls have been introduced. In this paper we review the ISO 27001:2022 with respect to data exfiltration and come up with recommendations on how recently integrated ISO 27001:2022 controls can be used in an operational environment. Based on that, we introduce and demonstrate the effectiveness of a proactive and dynamic concept by integrating a simulation cycle into the Information Security Management System (ISMS) and using cyber threat intelligence to provide us with information about current threats. We provide a prototype for the threat simulation cycle based on a smart combination of established and widely accepted cyber defence tools. Within our evaluation we show the feasibility of our targeted and dynamically configurable simulation of data exfiltration threats and thus support to thwart the actual cyber-attacks in advance. In all we contribute to prevent (or at least make it significantly more difficult) the threat of data exfiltration. Dynamic, threat aware and preventive cyber-defence is our objective, and we provide an updated concept which integrates conclusively into an ISO 27001:2022 compliant ISMS.
Information security focuses on protecting valuable information that will help businesses to succeed in their strategies. Confidentiality, integrity and availability are the three basic objectives of Information Security.
For more such innovative content on management studies, join WeSchool PGDM-DLP Program: http://bit.ly/ZEcPAc
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB
The webinar covers:
• Development and implementation of ICS Security Management System
• Using ISO 27001 as the ISMS fundamental platform
• NIST SP 800-82 usage as the audit platform against ICS object
Presenter: Pedro Putu Wirya, an IT and ICS Security Consultant with an extensive experience in ISMS.
Link of the recorded session published on YouTube: https://youtu.be/iuI2QYsUYZQ
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...PECB
In today's digital age, cybersecurity is more critical than ever. Hence, it is crucial to stay informed and prepared.
Amongst others, the webinar covers:
• ISO/IEC 27032:2023 and ISO/IEC 27701 and their key components
• The standard’s alignment
• Emerging Cybersecurity Threats
• What is new to the ISO/IEC 27032:2023
Presenters:
Madhu Maganti
Madhu is a goal-oriented cybersecurity/IT advisory leader with more than 20 years of comprehensive experience leading high-performance teams with a proven track record of continuous improvement toward objectives. He is highly knowledgeable in both technical and business principles and processes.
Madhu specializes in cybersecurity risk assessments, enterprise risk management, regulatory compliance, Sarbanes-Oxley (SOX) compliance and system and organization controls (SOC) reporting.
Jeffrey Crump
Mr. Jeffrey Crump is the Principal Consultant at Arizona-based Cyber Security Training and Consulting LLC and a graduate of the Certified NIS 2 Directive Lead Implementer course. He is a Certified CMMC Assessor, Certified CMMC Professional, and Instructor. Mr. Crump is also the author of Cyber Crisis Management Planning: How to reduce cyber risk and increase organizational resilience. His book has been expanded into a triad of certification courses on cyber crisis planning, exercises, and leadership.
Date: October 25, 2023
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/a21uasr8aLs
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docxMargenePurnell14
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE
Walid Al-Ahmad, Bassil Mohammed, Vol. 2, No. 2
28
Addressing Information Security Risks by Adopting
Standards
Walid Al-Ahmad*‡, Bassil Mohammad**
*Computer Science Department, Faculty of Arts and Science, Gulf University for Science & Technology, Kuwait
**Ernst & Young, Amman, Jordan
‡
P.O.Box 7207 Hawally, 32093 Kuwait, Tel: +96525307321, Fax: +965 25307030, e-mail: [email protected]
Abstract- Modern society depends on information technology in nearly every facet of human activity including, finance,
transportation, education, government, and defense. Organizations are exposed to various and increasing kinds of risks,
including information technology risks. Several standards, best practices, and frameworks have been created to help
organizations manage these risks. The purpose of this research work is to highlight the challenges facing enterprises in their
efforts to properly manage information security risks when adopting international standards and frameworks. To assist in
selecting the best framework to use in risk management, the article presents an overview of the most popular and widely used
standards and identifies selection criteria. It suggests an approach to proper implementation as well. A set of recommendations
is put forward with further research opportunities on the subject.
Keywords- Information security; risk management; security frameworks; security standards; security management.
1. Introduction
The use of technology is increasingly covering
most aspects of our daily life. Businesses which
are heavily dependent on this technology use
information systems which were designed and
implemented with concentration on functionality,
costs reduction and ease of use. Information
security was not incorporated early enough into
systems and only recently has it started to get the
warranted attention. Accordingly, there is a need to
identify and manage these hidden weaknesses,
referred to as systems vulnerabilities, and to limit
their damaging impact on the information systems
integrity, confidentiality, and availability.
Vulnerabilities are exploited by attacks which are
becoming more targeted and sophisticated.
Attacking techniques and methods are virtually
countless and are evolving tremendously [1, 2].
In any enterprise, information security risks
must be identified, evaluated, analyzed, treated and
properly reported. Businesses that fail in
identifying the risks associated with the
technology they use, the people they employ, or
the environment where they operate usually
subject their business to unforeseen consequences
that might result in severe damage to the business
[3]. Therefore, it is critical to establish reliable
information security risk assessment and treatment
frameworks to guide organizations during the risk
management process.
Because risks cannot be complete.
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docxbagotjesusa
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE
Walid Al-Ahmad, Bassil Mohammed, Vol. 2, No. 2
28
Addressing Information Security Risks by Adopting
Standards
Walid Al-Ahmad*‡, Bassil Mohammad**
*Computer Science Department, Faculty of Arts and Science, Gulf University for Science & Technology, Kuwait
**Ernst & Young, Amman, Jordan
‡
P.O.Box 7207 Hawally, 32093 Kuwait, Tel: +96525307321, Fax: +965 25307030, e-mail: [email protected]
Abstract- Modern society depends on information technology in nearly every facet of human activity including, finance,
transportation, education, government, and defense. Organizations are exposed to various and increasing kinds of risks,
including information technology risks. Several standards, best practices, and frameworks have been created to help
organizations manage these risks. The purpose of this research work is to highlight the challenges facing enterprises in their
efforts to properly manage information security risks when adopting international standards and frameworks. To assist in
selecting the best framework to use in risk management, the article presents an overview of the most popular and widely used
standards and identifies selection criteria. It suggests an approach to proper implementation as well. A set of recommendations
is put forward with further research opportunities on the subject.
Keywords- Information security; risk management; security frameworks; security standards; security management.
1. Introduction
The use of technology is increasingly covering
most aspects of our daily life. Businesses which
are heavily dependent on this technology use
information systems which were designed and
implemented with concentration on functionality,
costs reduction and ease of use. Information
security was not incorporated early enough into
systems and only recently has it started to get the
warranted attention. Accordingly, there is a need to
identify and manage these hidden weaknesses,
referred to as systems vulnerabilities, and to limit
their damaging impact on the information systems
integrity, confidentiality, and availability.
Vulnerabilities are exploited by attacks which are
becoming more targeted and sophisticated.
Attacking techniques and methods are virtually
countless and are evolving tremendously [1, 2].
In any enterprise, information security risks
must be identified, evaluated, analyzed, treated and
properly reported. Businesses that fail in
identifying the risks associated with the
technology they use, the people they employ, or
the environment where they operate usually
subject their business to unforeseen consequences
that might result in severe damage to the business
[3]. Therefore, it is critical to establish reliable
information security risk assessment and treatment
frameworks to guide organizations during the risk
management process.
Because risks cannot be complete.
Sheet1Country ACountry BProduct 110 Reds9 GreensProduct 22 Reds2.2 GreensProduct 37 Red4 GreenProduct 45 Red5 GreenProduct 54 Red4.5 Green
8/2/2019 Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?course_id=_109247_1&includeDeleted=true&attem… 1/2
SafeAssign Originality Report
Summer 2019 - Cloud Computing (ITS-532-06) - Second Bi-Term • Week 5 - Assignment • Submitted on Fri, Aug 02, 2019, 8:55 AM
Sai Kumar Baruri View Report Summary
View Originality Report - Old Design
INCLUDED SOURCES
Sources
Institutional database (8) %92
Student paper
Student paper
Student paper
Student paper
Student paper
Student paper
Student paper
Student paper
Top sources
Attachment 1
Week_5_Assignment_Microseg…
%92
4
8
1
5
7
6
2
3
Running head: MICROSEGMENTATION AND ZERO TRUST SECURITY 1
MICROSEGMENTATION AND ZERO TRUST SECURITY 2
Microsegmentation and Zero Trust Security
Week 5 - Assignment
by Sai Kumar Baruri
Professor D. Barrett
University of Cumberland’s
ITS 532 - 06
08/02/2019
Microsegmentation and Zero Trust Security
Introduction
The 21st century is much characterized by increased technology, access to the internet and the adoption of
information systems. Due to the adoption of technologies, there is an increase in the realization of the
benefits that come with IT value. However, technological advancements have negatively affected society
and brought about security threats. This has resulted in the implementation of security mechanisms
that enhance the security of IT assets. Such mechanisms include physical network segmentation, micro-
segmentation and zero-trust security. Physical network segmentation
The physical network segmentation in the cloud includes the segmentation of IT components that are
based on the logic outlines the endpoints to be on each network. The physical network segmentation seeks
to group some of the logical components into specific groups according to their functions and in turn,
access, the privileges assigned (Mammela et al., 2016). The physical network segmentation concerning
cloud computing implies the logical division of the network into minor segments that share the same
access permissions and characteristics. For instance, the cloud computing network is physically segmented
as a private cloud computing. Micro-segmentation
The micro-segmentation comprises of security-enhancing technology that is used in breaking down a given
data Centre which is a cloud-based into logical elements. This facilitates s the implementation of high-level
information technology security policies on the logical elements to aid in their control (Baum & Chang,
2014). The micro-segmentation in cloud computing seeks to break down the applications and the
various network segments into workloads. This implies that the communication and access of applications
are restricted according to the IT policies definition to build on security. Moreover.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
3. Contents
Contents
1. Introduction 4
1.1 Version history 4
1.2 Aims 4
1.3 Target group 5
1.4 Application 5
1.5 References 5
2 Preliminary work 7
3 Preparing the threat summary 9
4 Determination of additional threats 12
5 Threat assessment 15
6 Handling risks 17
6.2 Risks under examination 18
7 Consolidation of the security concept 21
8 Feedback to the security process 23
BSI-Standard 100-3: Risk analysis based on IT-Grundschutz Page 3
4. 1. Introduction
1. Introduction
1.1 Version history
As per Version Changes
February 2004 1.0
December 2005 2.0 • Adapted to BSI Standard 100-2
May 2008 2.5 • Stronger emphasis on the information security instead of
the IT security, resulting in the modification of various
terms
• Modified to reflect the new structure and organisation of
BSI-Standards 100-2
• To avoid confusion with the Z-safeguards from the IT-
Grundschutz Catalogues, the term "supplementary
safeguards/security safeguards" is used instead of the term
"additional safeguards" throughout the document.
• Explicit presentations of the threats from external objects
in Chapter 4
• Uniform treatment of the OK status of threats
• Added Section 6.2 which deals with the subject of "Risks
under examination"
1.2 Aims
The methodology outlined below demonstrates how the threats listed in the IT-Grundschutz
Catalogues [GSK] can be used to carry out a simplified analysis of risks for information processing.
Examples of potential areas of application for an analysis of this kind in public agencies and
companies include target objects which
• Have a high or very high security requirement in at least one of the three basic parameters of
confidentiality, integrity or availability
• Cannot be adequately mapped (modelled) with the existing modules of IT-Grundschutz
• Are operated in scenarios (environments, applications) which are not covered by IT-Grundschutz
In these cases the following questions arise:
• Which threats for data processing are not adequately allowed for, or are not even factored in at
all, in the implementation of the IT-Grundschutz modules?
• Might it be necessary to schedule and implement supplementary security measures over and
above the IT-Grundschutz model?
This document outlines a methodology for determining, for specific targets and for as little effort as
possible, whether and in what respect there is any need to take action over and above the IT-
Grundschutz in order to contain risks for information processing.
BSI-Standard 100-3: Risk analysis based on IT-Grundschutz Page 4
5. 1. Introduction
Figure 1: Integration of the risk analysis into the security process
The "IT-Sicherheitshandbuch" [SHB] and other approaches to analysing risks and security include
such issues as the probabilities of occurrence in order to take decisions on how to handle the threats.
But it has been proven that assessing the probability is often difficult in practice because there is no
basis for reliable estimates. The interpretation of the probabilities is also frequently questionable.
Therefore, in the methodology described here, the probabilities of occurrence is not considered
explicitly but rather implicitly as part of determining and assessing the threats.
1.3 Target group
This document is aimed at those who are responsible for security officers, security experts, security
consultants and everyone who is interested in managing information security or familiar with carrying
out risk analyses.
Those using the methodology outlined in this document should be familiar with the IT-Grundschutz
Methodology according to BSI Standard 100-2 [BSI2].
1.4 Application
This document outlines the methodology for carrying out risk analyses to supplement an existing IT-
Grundschutz security concept. The document draws on the threats specified in the IT-Grundschutz
Catalogues.
It is recommended to carry out the procedure described in Sections 2 to 8 step by step.
1.5 References
[BSI1] Information Security Management Systems (ISMS), BSI Standard 100-1, Version 1.5,
May 2008, www.bsi.bund.de
[BSI2] IT-Grundschutz Methodology, BSI Standard 100-2, Version 2.0, May 2008,
www.bsi.bund.de
[BSI3] Risk Analysis on the Basis of IT-Grundschutz, BSI Standard 100-3, Version 2.5, May
2008, www.bsi.bund.de
BSI-Standard 100-3: Risk analysis based on IT-Grundschutz Page 5
6. 1. Introduction
[GSK] IT-Grundschutz Catalogues – Standard Security Safeguards, BSI, new each year,
www.bsi.bund.de/grundschutz
[SHB] IT-Sicherheitshandbuch - Handbuch für die sichere Anwendung der Informationstechnik,
BSI, Version 1.0 – March 1992, Bundesdruckerei
BSI-Standard 100-3: Risk analysis based on IT-Grundschutz Page 6
7. 2 Preliminary work
2 Preliminary work
Before starting the actual risk analysis, the following preliminaries should have been dealt with, as
specified in BSI’s IT-Grundschutz Methodology according to BSI Standard 100-2 [BSI2]:
• A systematic information security process must have been initiated. This serves to channel the
information security operations along ordered tracks. For example, appropriate roles and tasks
must be defined. Further information on introducing the information security process can be
found in Section 3 of the IT-Grundschutz Methodology.
• In accordance with Section 4.1 of the IT-Grundschutz Methology a scope for the security concept
must be defined. This area of application is referred to in the following as the information
domain.
• A structure analysis must have been performed for the information domain, as specified in
Section 4.2 of the IT-Grundschutz Methodology. This is a way of ascertaining the key
information about the information domain, for example the basic network layout and a list of the
most important applications which depend on the IT systems.
• Subsequently, an assessment of protection requirements must have been performed, as specified
in Section 4.3 of the IT-Grundschutz Methodology. The result is the protection requirement for
the applications, systems, rooms used by the IT assets and a list of the critical communication
links. The security requirement refers to the basic parameters of confidentiality, integrity and
availability and is determined at three levels, namely normal, high and very high.
• A modelling process must have been performed, as specified in Section 4.4 of the IT-
Grundschutz Methodology and Section 2 of the IT-Grundschutz Catalogues. This involves
determining which target objects in the information domain each module of the IT-Grundschutz
Catalogues should be applied to. The standard security measures stated in the individual modules
form the basis for the IT-Grundschutz security concept for the information domain under review.
• Prior to the risk analysis a basic security check must be performed, as specified in Section 4.5 of
the IT-Grundschutz Methodology. This determines which standard security measures have
already been implemented for the information domain under review and where there are still
deficits.
• A supplementary security analysis must have been performed, as specified in Section 4.6 of the
IT-Grundschutz Methodology. During the Supplementary Security Analysis a decision is made as
to which objects are to be the subject of risk analyses and to identify those for which this is not
necessary.
The objects which have been earmarked for risk analysis during the supplementary security analysis
are referred to below as the target objects under review or components under review.
Example:
A supplier maintains a communication link to his main customer. The customer uses this link to notify
the supplier about current needs for products in particular colours, sizes and types continuously. In
order to minimise the data volume only changes to previously notified requirements are transmitted.
The supplier uses these notifications of requirements as the basis for assigning production capacities.
In this manner it is guaranteed that the supplier produces and supplies each of the quantities of the
individual colours, sizes and types as precisely as possible.
In technical terms the communication link is implemented via a rented fixed line to the main customer.
A failure of just two hours can result in substantial over-production or supply bottlenecks and
therefore high costs to the company. The following sub-section of the whole information domain
therefore has a high protection requirement in terms of availability:
BSI-Standard 100-3: Risk analysis based on IT-Grundschutz Page 7
8. 2 Preliminary work
Figure 2: Part of a network as example for high protection
The affected components are located in Rooms M.723 (server room), M.811 (technical room) and E.5
(production area control room). The supplementary security analysis entailed the decision that no risk
analysis is required for any other components with a high protection requirement.
BSI-Standard 100-3: Risk analysis based on IT-Grundschutz Page 8
9. 3 Preparing the threat summary
3 Preparing the threat summary
The threats which are relevant to the target objects under review and are listed in the IT-Grundschutz
Catalogues constitute an appropriate starting point for the risk analysis. In contrast to the "IT-Sicher-
heitshandbuch" [SHB], threats, vulnerabilities and risks are not examined separately here.
The aim of the following work steps is to produce a summary of the threats to which the target objects
under review are subject. For this purpose it is advisable to initially reduce the information domain
down to the components under review.
1. After modelling the information domain, the first target objects or groups of target objects to be
deleted are those which were identified in the supplementary security analysis as not requiring
risk analysis. This means that all target objects not under review are eliminated from the
modelling process.
Example: (Excerpt)
No. Title of module Target object
B 2.3 Office Room M.501 delete
B 2.4 Server room Room M.723
B 2.6 Technical Infrastructure Room Room M.811
B 3.101 General server S2 delete
B 3.101 General server S3
B 3.102 Server under Unix S2 delete
B 3.102 Server under Unix S3
B 3.201 General Client C2 delete
B 3.201 General Client C4
B 3.301 Security Gateway (Firewall) N3
2. Subsequently, all the modules that remain in the table for which there is no target object or
group of target objects left are deleted. These modules are evidently irrelevant to the target
objects under review.
In general, it is only possible to remove objects in layers 2 to 5 because the modules in layer 1
usually relate to all or at least many target objects. In some cases modules may be removed
from layer 1 if it is clear that the issue handled by the module is irrelevant to the corresponding
risk analysis.
Examples:
- The module B 1.3 Contingency Planning Concept and B 1.8 Handling Security Incidents
can be dispensed with in the majority of cases if the risk analysis only deals with sub-
areas which have a normal level security requirement for availability.
- It is usually possible to remove the module B 1.7 Encryption concept if the risk analysis
only handles sub-areas that have a normal protection requirement for confidentiality and
integrity.
The result of these steps is a table in which the modules that are relevant for the target objects
that have a high protection requirement are listed. The modules in layer 1 are important for all
or many target objects; in contrast, the modules in the other four layers refer to special target
objects or groups of target objects.
BSI-Standard 100-3: Risk analysis based on IT-Grundschutz Page 9
10. 3 Preparing the threat summary
Example: (Excerpt)
No. Title of module Target object
B 2.4 Server room Room M.723
B 2.6 Technical Infrastructure Room Room M.811
B 3.101 General server S3
B 3.102 Server under Unix S3
B 3.201 General Client C4
B 3.301 Security Gateway (Firewall) N3
3. Each module from the IT-Grundschutz Catalogues refers to a list of threats. For each target
object in the table the number and title of these threats are inserted from the modules and
assigned to the relevant target object. It is useful in this case to handle the threats in the
modules in Layer 1 separately by assigning them to the special target object "entire information
domain", for example.
4. The result is a table that assigns a list of relevant threats to each target object. All duplicates
and multiple copies of threats for each target object should be removed from this table.
5. Subsequently, the threats in the table should be sorted for each target object by subject. Some
threats in the IT-Grundschutz Catalogues deal with similar security problems or with different
forms of the same threat (e.g.T 1.2 IT System Failure and T 4.31 Failure or Malfunction of
Network Components).
6. In order to facilitate the subsequent analysis, the protection requirement for each target object
that was determined for the three basic parameters of confidentiality, integrity and availability
when determining the protection requirement should be listed in the table. This assignment is
not required for the higher ranking target object of the entire information domain.
This table presents a threat summary for the target objects under review. It serves as the initial
point for the subsequent determination of additional threats.
Example: (Excerpt)
Communication server S3
Confidentiality: Normal
Integrity: High
Availability: High
T 1.2 Failure of the IT system
T 3.2 Negligent destruction of equipment or data
T 4.1 Disruption of power supply
T 5.57 Network analysis tools
T 5.85 Loss of integrity of information that should be
protected
etc.
BSI-Standard 100-3: Risk analysis based on IT-Grundschutz Page 10
11. 3 Preparing the threat summary
Room M.811
Confidentiality: Normal
Integrity: Normal
Availability: High
T 1.4 Fire
T 1.5 Water
T 2.6 Unauthorised admission to rooms requiring
protection
T 5.3 Unauthorised entry into a building
T 5.5 Vandalism
etc.
BSI-Standard 100-3: Risk analysis based on IT-Grundschutz Page 11
12. 4 Determination of additional threats
4 Determination of additional threats
For the target objects under review there are, in some circumstances, additional isolated threats over
and above those foreseen in the IT-Grundschutz Model. These must also be taken into consideration.
As a general rule, the IT-Grundschutz Catalogues listed only those threats which
- Are conditional upon a particular technology, a specific product or a special application
- Can - in usual scenarios - only result in damage under very special conditions
- Require the attacker to have excellent expertise, opportunities and resources
These include, for example, deliberately eliminating a whole location using weapons or a technically
complicated attack with the co-operation of an internal administrator.
For information security the relevant threats are those
- That could produce substantial damage
- Are realistic for the current application and area of use
When determining additional relevant threats, the protection requirement for the target object under
review must be considered in terms of the three basic parameters for information security –
confidentiality, integrity and availability:
1. If a target object has a very high protection requirement for a particular basic parameter, the
threats that could adversely affect this basic parameter should be found first. In this security
requirement category it should be assumed that there are relevant threats which are not
contained in the IT-Grundschutz Catalogues.
2. Even if a target object has a high protection requirement for a particular basic parameter, the
threats that could adversely affect this basic parameter should be found. In this security
requirement category there may, in certain circumstances, be relevant threats which are not
contained in the IT-Grundschutz Catalogues.
3. If the target object is categorised as having a normal security requirement in one specific basic
parameter then the threats listed in the IT-Grundschutz Catalogues - and therefore also the
recommended security measures - are generally adequate for this basic parameter.
Irrespective of the security requirement of the target object under review, it is particularly important
to identify any additional relevant threats if there is no appropriate module for the target object in the
IT-Grundschutz Catalogues or if the target object is operated in a scenario (environment, application)
which is not foreseen in the IT-Grundschutz Catalogues.
The following issues are to be considered when determining additional threats:
- Which potential force majeure events represent particular threats for the information domain?
- Which organisational failures must be avoided at all costs in order to guarantee information
security?
- Which human errors adversely affect the security of information and applications?
- Which special security problems could occur to the target object under review due to technical
failure?
- Which particular threats arise from deliberate attacks by outsiders? This refers to people that
are not part of the institution itself and have no access to internal resources through special
arrangements.
- How can insiders affect the proper, secure operation of the target object under review through
deliberate actions? Particular threats frequently arise as a result of existing access authorisation
and insider knowledge.
BSI-Standard 100-3: Risk analysis based on IT-Grundschutz Page 12
13. 4 Determination of additional threats
- Are there objects not located in the information domain being examined that represent special
threats? Such external objects could be external applications, IT systems, or structural
conditions, for example. The definition of the information domain being examined is used to
specify the object to be examined for the security concept. However, this must not result in the
neglection of threats which are located outside of the information domain being examined
during the risk analysis.
For each target object under review the first step is to check whether any additional threats must be
considered. Such sources of special threats may include
- The manufacturer's documentation
- Publications on vulnerabilities on the Internet and
- One’s own threat analyses.
When identifying additional threats it can also be worthwhile re-consulting the IT-Grundschutz Threat
Catalogues T 1 to T 5 as sources. It may be that further relevant threats are listed there that were not
previously taken into consideration because the respective modules may not, for example, be
contained in the modelling process.
It is frequently the case that in practice additional threats affect several target objects. The identified
additional threats are added to the threat summary.
Important: If relevant threats are not considered, this may produce gaps in the resulting security
concept. If in doubt a careful analysis of whether and which threats may still be missing should
therefore be performed. For this it is frequently advisable to utilise external consulting services..
Brainstorming involving all the relevant employees has proven effective in determining additional
threats. IT security officers, project managers, administrators and users of the target object under
review and possibly external experts, if appropriate, should be involved. The participants' objectives
should be clearly formulated and the brainstorming time limited. Experience has shown that a period
of 2 hours is an appropriate upper limit. An expert for information security should conduct the
brainstorming session.
Example: (Excerpt)
In the scope of a brainstorming session a company identifies such additional threats as the following:
Entire information domain
T 2.U1 Inadequate synchronisation of active and backup system
Because of the high availability requirements the components of the communication
system to the customer exist in duplicate. If the backup components are not up to date,
there is a risk that no working connection to the customer can be established.
T 5.70 Manipulation by family members or visitors
This threat is contained in the IT-Grundschutz Catalogues and is referenced from
module B 2.8 Workplace at Home. However, this module is not contained in the
modelling of the current information domain. Nevertheless, threat T 5.70 must be taken
into account because visitors are regularly shown through the firm’s premises. T 5.70 is
therefore also included in the risk assessment.
etc.
BSI-Standard 100-3: Risk analysis based on IT-Grundschutz Page 13
14. 4 Determination of additional threats
Switch N7
Confidentiality: normal
Integrity: normal
Availability: high
T 2.U2 Damage to information technology in production department
The Client C4 and Switch N7 are operated in the company's production department and
are therefore subject to particular, physical threats. The devices can be damaged,
destroyed or their lifespan reduced.
etc.
Client C4
Confidentiality: normal
Integrity: high
Availability: high
T 2.U2 Damage to information technology in production department
Refer to Switch N7
T 4.U1 Incompatibility between production and communication software
Client C4 is not only used to communicate with the customer, it is also used to operate
other programs that support production. Incompatibility between these programs may
result in crashes and loss of availability.
etc.
BSI-Standard 100-3: Risk analysis based on IT-Grundschutz Page 14
15. 5 Threat assessment
5 Threat assessment
The next step works through the threat summary systematically. It checks whether the security
measures already implemented or at least planned in the security concept provide adequate protection
for each target object and threat. As a general rule, these will be standard security measures taken
from the IT-Grundschutz Catalogues. The test is performed using the security concept and the
following testing criteria:
- Completeness
Do the standard security measures provide protection for all aspects of each threat? (Example:
Was the back door to the building and on the emergency exits also considered?)
- Mechanism strength
Do the protection mechanisms recommended in the standard security measures counteract each
threat adequately? (Example: Are the specifications for the minimum key length adequate?)
- Reliability
How difficult is it to circumvent the planned security mechanisms? (Example: How easy is it
for users to gain entry to the server room and therefore circumvent the file access control?)
The result of the check is entered in the OK (Y/N) column in the threat summary for each individual
threat.
OK=Y means that the security measures implemented or envisaged in the security concept provide
adequate protection against the respective threat or that the threat is not relevant for the current risk
analysis (for example, because another basic parameter is affected).
OK=N means that the security measures implemented or envisaged in the security concept do not
provide adequate protection against the respective threat.
Note: It is frequently the case that when assessing threats, initial ideas are found for security measures
that counteract the threats. These suggestions are useful for the subsequent work steps and should be
recorded.
The risk assessment provides an overview as to which threats are adequately covered for the target
objects under review by the measures contained in the IT-Grundschutz Catalogues (OK=Y), and as to
where there may still be risks (OK=N). Dealing with these threats is discussed in the next section.
Example: (Excerpt)
A supplier carries out a threat assessment using the amended threat summary. The result is, e.g., that
the IT-Grundschutz safeguards are not adequate for such threats as the following (OK=N):
Communication server S3
Confidentiality: normal
Integrity: high
Availability: high
T 1.2 Failure of the IT system OK=N
Reliable action must be taken to prevent Server S3 from failing. The IT-
Grundschutz Catalogue measures are not adequate.
T 5.85 Loss of integrity of information that should be protected OK=N
The order requirement information sent by the customer must not be tampered
with. Otherwise, this could result in surplus production or supply shortages,
thereby incurring high costs to the company.
BSI-Standard 100-3: Risk analysis based on IT-Grundschutz Page 15
16. 5 Threat assessment
Communication server S3
etc.
Client C4
Confidentiality: normal
Integrity: high
Availability: high
T 1.2 Failure of the IT system OK=N
Special software whose installation is costly and time-consuming is used on
Client C4 to communicate with the customer.
T 2.U2 Damage to information technology in production department OK=N
The processing of information in automated production areas is only
marginally dealt with in the IT-Grundschutz Catalogues.
etc.
BSI-Standard 100-3: Risk analysis based on IT-Grundschutz Page 16
17. 6 Handling risks
6 Handling risks
6.1 Alternative methods for handling risks
In practice, the risk assessment usually identifies a number of threats which are not adequately
counteracted by the measures contained in the IT-Grundschutz Catalogues. Risks for operating the
information domain may arise from these residual threats.
Therefore, a decision on how to deal with the remaining threats has to be taken. In all cases
management must be involved in this decision because there may under some circumstances be
substantial risks or additional costs. The following alternatives exist for each threat in the threat
summary that has been assigned OK=N.
A. Risk reduction through additional security measures: The residual threat is eliminated by
working out and implementing one or more supplementary security measures that counteract
the threat adequately. The following sources of information on supplementary IT security
measures may be useful:
- The manufacturer's documentation and support if the affected target object is a product
- Standards and "best practice" as prepared, for example, by the information Security
Department’s committees
- Other publications and services, for example, those offered on the Internet or by specialised
companies
- Experience gained within the institution or at co-operation partners
B. Risk avoidance through restructuring: The remaining threat is removed by restructuring the
business process or information domain. The reasons for such changes may include:
- All effective counteractions are too expensive, but the remaining threat cannot be accepted
- Restructuring is appropriate for other reasons, such as reducing the costs
- All effective counteractions would be accompanied by substantial restrictions to the
functions or comfort of the system
C. Risk acceptance: The remaining threat and the risk arising from it are accepted. The reasons for
such decisions may include:
- The threat only results in damage in very special circumstances
- No effective counteractions are currently known for this threat and in practical terms it is
difficult to avoid
- The effort and cost of effective counteractions exceed the value of the asset to be protected
D. Risk transfer: The risk ensuing from the remaining threat is transferred to another institution,
by taking out an insurance policy, for example, or by outsourcing. The reasons for such
decisions may include:
- The potential losses are of a purely financial nature
- The company already plans to outsource parts of the business process for other reasons
- For commercial or technical reasons the contractual partner is better placed to handle the
risk
To prepare a well-founded decision as to which of the four handling options is chosen for each risk, a
brainstorming session should be performed. During this session supplementary IT security measures
(Alternative A) can be considered. The sources of information listed above should be used.
BSI-Standard 100-3: Risk analysis based on IT-Grundschutz Page 17
18. 6 Handling risks
Notes:
IT-Grundschutz safeguards marked in the catalogues as additional (Z) can be used as starting points
for further security safeguards in the context of a risk analysis. These safeguards are examples that go
beyond the scope of IT-Grundschutz and which are commonly used in practical applications. Note
though, that IT-Grundschutz safeguards marked as additional (Z) are not automatically binding, even
when the security requirements are high. They also do not need to be integrated into a risk analysis.
In some cases it is possible to identify security measures that cover part – but not all – of the sub-
aspects of a threat. Then the question of how to deal with the threat arises (Alternative A or C). The
threat should be divided into two threats that can then be handled separately using Alternative A or C.
The existing security measures for the target object under review should also be considered. This may
involve referring back to the results of the basic security check (see Section 4.5 of the IT-Grundschutz
Methodology).
The hypothetical effort and cost of any security measures possibly required and information on
existing security mechanisms are important decision-making aids.
- For Alternative A the supplementary security measures are added to the security concept. A
clear reference to the corresponding, detailed description of the measures is sufficient.
- In general Alternative B results in restarting the IT security process for the affected parts of the
information domain. In most cases this begins with the structure analysis. Naturally, this may
involve referring back to the information and documentation previously compiled.
- For Alternative C the resulting risk must be made transparent. The decision is taken by
management and clearly documented.
- For Alternative D the appropriate form of contract is one of the most important aspects. Sound
legal advice should be taken on this, particularly in the case of outsourcing schemes. The
decision is taken by management and clearly documented.
Important: Where no sufficiently effective countermeasures are specified in the IT-Grundschutz
Catalogues for certain threats, the manner in which the latter are handled can be critical for the overall
IT system risk in the information domain under examination. Due consideration should be given to
using external consulting services in these matters.
6.2 Risks under examination
During the risk analysis, threats may be identified under some circumstances that lead to risks which
may be acceptable now, but which will probably increase in the future. This means that it may be
necessary to take action during further development. In such cases, it is appropriate and common to
prepare and create supplementary security safeguards in advance. These safeguards can then be put in
to operation as soon as the risks become unacceptable. These supplementary security safeguards are
to be documented and marked separately. In the documentation of the risk analysis, the corresponding
threats are initially marked with a "C", and the risks resulting from them are examined. As soon as the
risks become unacceptable, the supplementary security safeguards marked are checked, updated if
necessary, and added to the security concept. The handling for the corresponding threats is changed to
"A" in the documentation of the risk analysis. The handling could also be set to "B" or "D" as an
alternative in this case as well.
After a decision on which of the handling options described is to be selected for each remaining threat
in the threat summary, it is possible to produce the security concept for the information domain under
review.
BSI-Standard 100-3: Risk analysis based on IT-Grundschutz Page 18
19. 6 Handling risks
Example: (Excerpt)
The following decisions are taken for the threats identified in Section 0 as OK=N:
Communication server S3
Confidentiality: normal
Integrity: high
Availability: high
T 1.2 Failure of the IT system
"A" Supplementary IT security measure:
S 6.U1 Provision of a complete replacement system for communicating with the customer
A complete replacement system for communicating with the customer will be provided.
This covers all the technical modules including communication links. The replacement
system will be located in Room E.3. It must be ensured that the replacement system has
the same configuration as the production system at all times and can be used within 30
minutes. The communication with the customer takes place over a dial-up connection.
The whole replacement system including dial-up connection is tested at least once a
quarter and whenever the configuration is changed.
T 5.85 Loss of integrity of information that should be protected
"C" Risk acceptance:
Although the risk is minimised to some extent by the safety mechanisms built into the
transmission and IT systems, there could be further security incidents leading to the
adulteration of order requirement information and thereby incurring high costs for the
company. This remaining risk is accepted and the responsibility is taken by management,
because all effective counteractions are uneconomic.
etc.
Client C4
Confidentiality: Normal
Integrity: High
Availability: High
T 1.2 Failure of the IT system
"A" Supplementary IT security measure:
S 6.U1 Provision of a complete replacement system for communicating with the customer
Note: Refer to Communication server S3
T 2.U2 Damage to information technology in production department
BSI-Standard 100-3: Risk analysis based on IT-Grundschutz Page 19
20. 6 Handling risks
Client C4
"A" Supplementary IT security measure:
S 1.U1 Use of a specially protected industrial PC in the production area
The greatest threats to Client C4 in the production area result from air pollution, water
splashes and vibrations. Instead of a commercial PC, an industrial PC that is specially
protected from physical threats will be used. The industrial PC must meet the following
requirements:
- Suitable for installation in a standard 19 inch slot
- Integrated or fold-out display
- Easily exchangeable air filter
- Protection against splashed water in accordance with protection type IP 54
- Protection against vibration to at least 0.2 g at 0-500 Hz
etc.
BSI-Standard 100-3: Risk analysis based on IT-Grundschutz Page 20
21. 7 Consolidation of the security concept
7 Consolidation of the security concept
If additional security measures must be added when handling the remaining threats, the security
concept must subsequently be consolidated. Specifically, this means checking the security measures
for each target object using the following criteria:
Suitability of security measures to counteract threats
- Have all the aspects of the relevant threats been covered in full?
- Do the counteractions match the security objectives?
Interaction of security measures
- Do the measures support each other in counteracting the relevant threats?
- Is an effective entity produced by the interaction of the measures?
- Do the measures conflict with each other?
User friendliness of security measures
- Are the measures tolerant towards user and operating errors?
- Are the measures transparent for users?
- Is it clear to the users if a measure is omitted?
- Is it too easy for users to circumvent the measure?
Appropriateness of security safeguards
- Are the measures appropriate for the corresponding threats?
- Are the costs and effort required for implementation appropriate in scale for the protection
requirement of the affected target objects?
The security concept should be adjusted and consolidated on this basis:
1. Inappropriate security measures should be rejected and after a detailed analysis replaced by
effective measures.
2. Contradictions or inconsistencies in the security measures should be resolved and replaced by
homogenous mechanisms that are co-ordinated with each other.
3. Security measures that are not accepted by users have no effect. Practical solutions that restrict
or hinder users as little as possible should be found.
4. Security measures that are too difficult or costly should either be re-worked or rejected and
replaced by appropriate protective measures. On the other hand, measures that are too weak
endanger IT security. They should also be reworked or replaced.
It can be eminently advisable to adopt further practices for improving information security, such as
penetration tests. These aim to simulate the behaviour of a deliberate perpetrator (insider or outsider).
The results may in turn produce changes to the existing security concept.
BSI-Standard 100-3: Risk analysis based on IT-Grundschutz Page 21
22. 7 Consolidation of the security concept
Example: (Excerpt)
When consolidating the security concept for the supplier company, the following issues were found:
- The relevant measures from the IT-Grundschutz Catalogues must also be taken for the
replacement system called for in S 6.U1. The differences to the production system are only with
regard to installation location and WAN connection. Therefore, the replacement system must be
integrated into the IT-Grundschutz model.
- Measure S 6.53 Redundant arrangement of network components planned on the basis of the IT-
Grundschutz is made more specific for Switch N7 by Measure S 6.U1. After implementing S
6.U1, S 6.53 has also been implemented for target object N7. Measure S 6.53 can therefore be
deleted from the security concept for Switch N7.
- Two years ago it was decided that Measure S 5.68 Use of encryption procedure for network
communication was not essential. A joint project group with the customer has reached the
conclusion that this decision is no longer in accordance with the state of technology. Therefore,
the requirements for configuring the router will be reworked in the short term and adapted to
the current requirements.
- The supplementary IT security measure S 1.U1 considers the basic infrastructure specific to
Client C4. In addition to this client, other information technology is being operated in the
production area which is not the subject of the risk analysis but must be duly protected
nonetheless. The company is taking the implementation of Measure S 1.U1 as an opportunity to
develop a policy governing the safe operation of information technology in the production area.
- etc.
BSI-Standard 100-3: Risk analysis based on IT-Grundschutz Page 22
23. 8 Feedback to the security process
8 Feedback to the security process
Once the security concept has been consolidated, the security process, as specified in the IT-
Grundschutz Methodology, can be resumed. Therefore, the adjusted security concept becomes the
basis for the following work steps:
- Basic security check (Section 4.5 of the IT-Grundschutz Methodology). A basic security check
has already been performed as part of the preliminaries in accordance with the measures
provided under the IT-Grundschutz model. Since the risk analysis generally produces changes
in the security concept, the subsequent implementation status of additional and altered
measures must be checked. If necessary, outdated results should be updated.
- Implementing the security concept (Section 5 of the IT-Grundschutz Methodology). The
security measures planned in the security concept for individual target objects must be
implemented in practice for them to be effective. Among other things, this includes estimating
costs and expenses and deciding on the order of implementation.
- Reviewing the information security process on all levels (Section 6.1 of the IT-Grundschutz
Methodology). To maintain and continually improve the information security, the
implementation of the security safeguards and the suitability of the security strategy must be
checked on a regular basis, among other things. The results of the checks are incorporated in
the updates of the security process.
- Information flow in the information security process (section 6.2 der IT-Grundschutz-
Vorgehensweise). To make the security process understandable, the security process must be
documented at all levels. This includes in particular clear rules for reporting paths and the
information flows. Management must be kept duly informed by the security organisation about
results of reviews, IT security incidents, the status of the IT security process and, where
applicable, about any further status of information security. This process of passing on
information should highlight any problems, positive achievements and potential improvements.
- ISO 27001 Certification on the basis of IT-Grundschutz (Section 7 of the IT-Grundschutz
Methodology). In many cases it is desirable to make the value of information security and the
successful implementation of IT-Grundschutz in a public agency or company transparent
internally and externally. To this end the BSI has established appropriate mechanisms by way
of IT-Grundschutz Attestation and " the auditor attestations and the ISO 27001 Certification in
compliance with IT-Grundschutz".
- Transfer to GSTOOL (Refer to http://www.bsi.bund.de/gstool). Where the security management
is supported by GSTOOL or other software, the results of the risk analysis should, as far as
possible, be incorporated therein. In the case of GSTOOL this applies in particular to new or
revised security measures which are not contained in the IT-Grundschutz Catalogues in this
form.
BSI-Standard 100-3: Risk analysis based on IT-Grundschutz Page 23