Enterprise Risk Management is the term for holistic, enterprise-wide risk management. In contrast to traditional approaches to risk management, ERM does not consider individual risks in isolation, but at the level of the company as a whole, taking into account their mutual interactions. The corresponding security processes to achieve the business objectives are part of … Read more
Chief Risk Officer is the term for a position in the top management level of a company. The CRO is responsible for the company-wide risk management and leads the ERM (Enterprise Risk Management). As part of this management, risks from all different areas are considered for a company. These include, for example, technological, operational, economic, … Read more
The term information protection covers organizational and technical measures to protect sensitive information. The measures apply to both digital and analog information. For example, it can be files, paper documents, or verbal information and know-how. The protection goals are to ensure confidentiality and to prevent a manipulation or undesired outflow of information. Are you curious … Read more
Open source vs closed source – an argument that many users fight with religious fervor. IT decision-makers think more pragmatically: they look for solutions that bring the greatest benefit to their company. Software plays a pivotal role in powering businesses and enhancing our daily lives. When it comes to selecting the right software model, the … Read more
What is DKIM? In the ever-evolving digital landscape, ensuring the integrity and security of email communication has become paramount. This is where DKIM, or DomainKeys Identified Mail, enters the picture. DKIM is a widely-used email authentication method that provides a powerful defense against email fraud and spoofing. If you’ve ever wondered how to ensure your … Read more
What is vulnerability management? If companies try to treat all vulnerabilities equally, they will quickly become overwhelmed. Given the sheer volume, cybersecurity can only be effective if vulnerabilities are considered in the right context and prioritized accordingly. Cybersecurity has become a paramount concern for businesses and individuals alike. Cyber threats lurk in the shadows, seeking … Read more
What is a compliance audit? A compliance audit checks the adherence to legal requirements or other guidelines in a private company or a public institution. Sanctions or fines due to violations of the requirements can be avoided with an audit. Compliance plays a pivotal role in ensuring ethical practices, mitigating risks, and upholding legal obligations. … Read more
What is ePrivacy Regulation? The ePrivacy Regulation (also known as ePrivacy Regulation or ePVO) is intended to regulate the protection of fundamental rights and freedoms of natural and legal persons in the provision and use of electronic communications services in the European Union. The ePVO is designed as a special law within EU data protection … Read more
What is VSaaS? Video Surveillance as a Service is a cloud-based service. The software functions and services required for video surveillance, such as storage space for video recordings, computing power for video analysis, remote viewing applications, and management and security functions, are provided by a provider via the Internet. Locally, only video surveillance cameras are … Read more
What is Spoofing? The term spoofing covers various methods and technical procedures to disguise one’s own identity or to feign a false identity. Several types of spoofing exist, such as IP, e-mail, DNS, ARP, URL, or caller ID spoofing. Cybercriminals use spoofing to gain unauthorized access to sensitive data, perform unauthorized transactions, introduce malware, or … Read more
What is KRITIS? KRITIS is the abbreviation for critical infrastructure. This classification of infrastructures includes facilities or organizations that are of high importance to the community and whose failure would have serious consequences for society and the state order. KRITIS operators must meet minimum IT security requirements, which are regulated in the IT Security Act, … Read more
Just Enough Administration (JEA) is a security feature that can be used starting with Windows Server 2016 and Windows 10 operating system versions. With the help of the feature, the rights of the functions and elements managed by PowerShell can be assigned in a role-based and very finely tunable manner. Cyberattacks, data breaches, and insider … Read more
What Is a Side Channel Attack? A side-channel attack does not directly attack algorithms or data. The attack method uses physical or logical side effects and tries to extract protected information or algorithms by observation and analysis. Electromagnetic emissions, energy consumption, the time required for certain functions, memory usage, and others are used. Side-channel attacks … Read more
What is Bring Your Own Identity? Bring Your Own Identity is the name for a concept in which the digital identity for the use of service is provided and managed by a separate instance. The user can log in to many different services using a single identity. Many social network operators offer their users the … Read more
What is IT Forensics? IT forensics is a subfield of forensics and deals with the methodical analysis of incidents on IT systems and the securing of evidence that can be used in court. The goal is to determine exactly what actions have taken place on an IT system and who caused or is responsible for … Read more
Emergency management is designed to ensure the continuity of business operations during emergencies. It enables organizations to respond appropriately in the event of disruptions to critical business processes. Components of emergency management are emergency preparedness and emergency response. In times of uncertainty and unpredictability, it’s crucial to explore the importance of preparedness, response, and recovery. … Read more
With the further development of the BSI 200 standards as part of the basic IT protection, the German Federal Office for Information Security (BSI) wants to help companies follow uniform specifications in IT security. Companies that want to sustainably improve their IT security should promptly address the requirements of the updated BSI standards. What the … Read more
Self-Sovereign Identity (SSI) ensures secure and trustworthy digitization. Users can self-sovereign their digital identity and credentials such as ID cards or certificates to applications. The European SSI ecosystem breaks dependencies on monopolists and gives us the freedom to shape the digital future with confidence and speed. What Is Self-Sovereign Identity? Self-Sovereign Identity (SSI) is a … Read more
The Key Management Interoperability Protocol is a protocol standardized by OASIS (Organization for the Advancement of Structured Information Standards). KMIP enables the communication of applications and systems for the storage and management of keys, certificates, or other secret objects. Managing encryption keys efficiently and securely has become a critical challenge for organizations. Enter Key Management … Read more
Home office is a form of telework that can be performed as telecommuting or alternating telecommuting. The work is performed completely or partially from private premises. Contact with the company, colleagues, or customers takes place via telephone, e-mail, and other Internet services. The IT and communications equipment required is a telephone, PC or laptop, and … Read more