What the BSI Standards 200 Mean for Companies

What the BSI Standards 200 Mean for Companies

With the further development of the BSI 200 standards as part of the basic IT protection, the German Federal Office for Information Security (BSI) wants to help companies follow uniform specifications in IT security. Companies that want to sustainably improve their IT security should promptly address the requirements of the updated BSI standards. What the … Read more

What Is Self-Sovereign Identity (SSI) and Its Use

What Is Self-Sovereign Identity

Self-Sovereign Identity (SSI) ensures secure and trustworthy digitization. Users can self-sovereign their digital identity and credentials such as ID cards or certificates to applications. The European SSI ecosystem breaks dependencies on monopolists and gives us the freedom to shape the digital future with confidence and speed. What Is Self-Sovereign Identity? Self-Sovereign Identity (SSI) is a … Read more

What is KMIP (Key Management Interoperability Protocol)?

What is KMIP Key Management Interoperability Protocol

The Key Management Interoperability Protocol is a protocol standardized by OASIS (Organization for the Advancement of Structured Information Standards). KMIP enables the communication of applications and systems for the storage and management of keys, certificates, or other secret objects. Managing encryption keys efficiently and securely has become a critical challenge for organizations. Enter Key Management … Read more

What Is Home Office?

What is Home office

Home office is a form of telework that can be performed as telecommuting or alternating telecommuting. The work is performed completely or partially from private premises. Contact with the company, colleagues, or customers takes place via telephone, e-mail, and other Internet services. The IT and communications equipment required is a telephone, PC or laptop, and … Read more

What is Patch Management?

what is patch management

In today’s rapidly evolving digital landscape, software vulnerabilities and bugs are commonplace. Cybersecurity threats are continually advancing, and attackers are relentless in their efforts to exploit any weakness in software systems. Patch management plays a crucial role in mitigating these risks and keeping computer systems, applications, and networks secure. However, what is patch management exactly‎? … Read more

CISO vs. CSO – What Are the Differences?

CISO vs. CSO - What Are the Differences?

CISO vs CSO? They sound very similar, and yet they are different: the Information (Chief) Security Officer (CSO) and the (Chief) Information Security Officer (CISO). While the Information Security Officer is concerned with the security of data and information, the Security Officer is responsible for the overall security of the organization. Both the Information Security … Read more

What is Common Criteria Recognition Arrangement (CCRA)?

What is Common Criteria Recognition Arrangement CCRA

Common Criteria Recognition Arrangement is an international agreement for mutual recognition of IT security certificates issued on the basis of the Common Criteria (CC). Signatory states recognize certificates of products and Protection Profiles issued by different national certification bodies. A distinction is made between Certificate Producer and Certificate Consumer among the participating states of the … Read more

What is SECAM (Security Assurance Methodology)?

What is SECAM Security Assurance Methodology

Security Assurance Methodology is a framework developed by the 3rd Generation Partnership Project (3GPP) to assure and evaluate the security of network products used in the mobile communications sector. An important partner in the development and implementation of the framework is the GSM Association (GSMA). SECAM provides general, testable security requirements and security properties for … Read more

Security Awareness: Where Internal Weak Points Really Lie

Security Awareness

Increasing digitization is raising the demands on IT security. However, incomplete digitization of processes in terms of security means that the ever-increasing threats directly impact information security and processes in companies. However, with solid security awareness combined with secure automated processes and solutions, companies can build their security from the inside. In this way, dangers … Read more

What is a Network Domain?

What is a network domain

A network domain is an administratively delimited network area that can be used to logically map the organizational structures of a company. Security policies, user rights, and user roles are managed centrally via a domain controller. A user logs on to a domain via the domain controller. Domains have unique names and are structured hierarchically. … Read more

What is ISO 27002?

What is ISO 27002

In today’s digital age, information security has become paramount for businesses and organizations worldwide. With the increasing frequency and sophistication of cyber threats, safeguarding sensitive data and ensuring the confidentiality, integrity, and availability of information has become a top priority. This is where ISO 27002 comes into play. ISO 27002, also known as ISO/IEC 27002:2013, … Read more

What Is A Username On A Computer?

What Is A Username On A Computer

In the computer environment, the user name enables logging into a protected area of a computer, a service, a website, or a program. As a rule, the user name is used in combination with a password to authenticate oneself against the protected area. A username serves as an essential identifier for individuals or entities accessing … Read more

What is BSI Standard 200-1?

What is BSI Standard 200-1?

BSI Standard 200-1, along with Standards 200-2 and 200-3, is an elementary component of the BSI’s IT-Grundschutz methodology. It defines the general requirements for information security management systems (ISMS – information security management systems) and is compatible with ISO standard 27001. The aim of the BSI standard is to make the business processes of companies … Read more

What is a DDoS attack?

what is a ddos attack

A DDoS attack attempts to cause the unavailability of Internet service through a deliberately induced overload. Usually, botnets consisting of a multitude of individual systems are used for the attack. The target of the attack can be servers or other network components. DDoS attacks have become increasingly common in today’s digital landscape, posing significant threats … Read more

What is A Penetration Test?

What is a Penetration Test

In a penetration test, IT systems or networks are subjected to a comprehensive examination designed to determine their susceptibility to attack. A pentest uses methods and techniques that real attackers or hackers use. In today’s digital landscape, where cyber threats are on the rise, organizations need to be proactive in identifying vulnerabilities in their systems … Read more

Cyber Kill Chain: Understanding the Stages of a Cyber Attack

cyber kill chain

To detect and defend against cyberattacks earlier, you need to understand the attackers’ objectives and approach and build defenses accordingly. The Lockheed Martin Cyber Kill Chain is a multi-step model for analyzing attacks and building defenses along with the attack steps. Cyber attacks have become increasingly sophisticated and prevalent. Understanding the methods employed by attackers … Read more

What is Air Gap?

What is Air Gap

Air Gap is a security concept that meets the highest security requirements. It describes the complete physical and logical isolation of computers from each other and from networks. Information exchange between systems is possible, for example, via transportable storage media. Methods such as side-channel attacks exist to overcome an air gap. What is Air Gap? … Read more

What is PPTP (Point-to-Point Tunneling Protocol)?

What is PPTP Point-to-Point Tunneling Protocol

The Point-to-Point Tunneling Protocol (PPTP) can be used to implement virtual private networks over IP-based networks such as the Internet. It is an extension of the Point-to-Point Protocol and is implemented in many operating systems. Due to known vulnerabilities, PPTP is no longer considered secure today. Secure communication plays a vital role in safeguarding our … Read more

What is Security by Design?

What is Security by Design

Security by Design is a design concept applied in hardware and software development. The security of hardware or software is already considered in the development process and integrated into the complete life cycle of a product. Design criteria include, for example, minimizing the attack surface, using encryption and authentication, and isolating security-relevant areas. Security is … Read more

What is CVE (Common Vulnerabilities and Exposures)?

What is CVE Common Vulnerabilities and Exposures

Common Vulnerabilities and Exposures (CVE) is a standardized list of vulnerabilities and security risks of computer systems. Thanks to the unique naming, the exchange of data about vulnerabilities and security risks is simplified. Sequential numbers uniquely identify the various entries. In the ever-evolving landscape of cybersecurity, vulnerabilities pose a significant threat to the integrity and … Read more