Inhalt
Companies and organizations operating in the critical infrastructure sector (KRITIS) are subject to special requirements. The BSI Law obliges them to regulate the protection of these critical infrastructures at IT level. SECUINFRA has produced a white paper as a guide and orientation aid to help affected companies with implementation. This guide is available here as a free download.
For all companies and organizations whose function is of essential importance for maintaining social order, the part of the German Federal Office for Information Security Act (BSI Act) that regulates the protection of critical infrastructures at IT level applies. These include electricity and water suppliers, transformer stations, internet providers, hospitals, insurance companies and banks. This means that many different organizations of different sizes and structures are affected. KRITIS companies must no longer only take preventive measures to prevent attacks, but must also have the ability to recognize successful attacks and attempted attacks and deal with these incidents in an orderly manner.
White paper for KRITIS companies
To this end, the BSI requires the use of “systems for attack detection” (SzA). However, this and other formulations are legal rather than established, technical terms. In our white paper on the BSI Law, we therefore offer guidance on the use of such systems for attack detection. In doing so, we focus on the necessary human resources as well as the technical systems. We distinguish between the three sub-areas of logging, detecting attacks and responding to security incidents. We also provide a brief overview of the systems: for example SIEM or an equivalent XDR, Managed Detection & Response (MDR), orientation to the MITRE ATT&CK Framework and tools for Security Orchestration, Automation and Response (SOAR).
You can download the white paper “The BSI Law: An implementation guide for KRITIS companies” free of charge here.