it-sa 365 Webinar 2022: Which information security standard is right for me?

05/05/2022


Information security measures have become indispensable in today's world. Especially since the amendment of the German KRITIS Regulation in 2021, more and more companies are required to provide evidence that their information security systems are effective. This is done by certifying the ISMS (information security management system) against a recognized standard. The most widely used standards in Germany include the international standard ISO/IEC 27001 and the national standard BSI IT-Grundschutz. But which standard is suitable for your company?

Norm selection with COMPLION

At COMPLION, we have dealt with this question in detail and investigated a possible approach that supports companies and public organisations in selecting a suitable standard. In doing so, we have considered typical challenges and pitfalls that stand in the way of successful certification.

The result is a two-step approach. The first step focuses on selecting the appropriate standard. To do this, the company must analyze itself in order to identify which of its information is critical and which is not. This is followed by an analysis of the requirements placed on the company, for example by laws or customers. The second step is project planning and implementation of the ISMS, which ends with successful certification.

Selecting the appropriate standard

COMPLION at it-sa 365

At it-sa 365, the largest trade fair for IT security in Europe, COMPLION presented this issue and the solution concept developed for it on March 15. Using the two standards ISO/IEC 27001 and BSI IT-Grundschutz as examples, the presentation discussed the technical peculiarities inherent in each standard and the advantages and disadvantages that result in different application scenarios. From this, various recommendations for action were derived that enable successful certification and are in some cases indispensable for it.

Differences between ISO 27001 and IT-Grundschutz

Our 30-minute keynote presentation was followed by a discussion among around 70 participants from various sectors (including digital decision-makers from small and medium-sized enterprises and public authorities), with a lively exchange on the two standards presented and their practical implementation.

The positive feedback from the participants and their active participation illustrate the increasing importance of information security in organizations. It also shows that organizations still have room to develop their technical knowledge of the individual standards in order to select the appropriate one for certifying their own company. We hope that our webinar was able to support participants in choosing their upcoming certifications and thus, by improving their information security, make them more secure.

If you too are about to implement IT security standards such as ISO/IEC 27001 or IT-Grundschutz and would like to benefit from COMPLION's expertise, please contact us here.

Authors: Robin Enste and Jan-Hendrik Butt