Browsing by keyword "Security Architecture"
- Conference paper: Federal Cybersecurity Architecture and Information Security Management - Adoption and Diffusion of the NIS-2 Requirements (6. Fachtagung Rechts- und Verwaltungsinformatik (RVI 2023), 2023). Rehbohm, Thomas; Moses, Frank. Europe, the federal government, the federal states, municipalities, and their business enterprises are facing the challenges of a hybrid threat situation. At a time when information technology is growing faster than ever before, information cyber security and security management system (ISMS) assessment have become one of the most important aspects of most public sector organisations. The dependency on technology for almost every single process in public sector organisations has put ISMS at the top of the corporate agenda. For public organisations in particular, the NIS 2 Directive describes abstract requirements for the development of an ISMS. At the same time, minimum requirements should be defined that help municipal administration set up an information security management system quickly and easily. This paper summarizes the different requirements and generates a foundation for a rough procedural model, for implementing the upcoming requirements of the NIS 2 Directive quickly and easily in local governments. In particular, the current discussion focuses on securing ICT infrastructures and services of all providers of services of general interest. European and national regulations provide the framework for an appropriate response to this threat to the common good. The federal cybersecurity architecture of a member state such as Germany, presented here, must fit into the European context. Procedures for the implementation of information security management systems complement this theoretical model. This thesis presents a federal cybersecurity model.
- Journal article: Unternehmensarchitekturen aus Sicht von IT-Risikomanagement und IT-Revision [Enterprise Architectures from the Perspective of IT Risk Management and IT Audit] (HMD Praxis der Wirtschaftsinformatik: Vol. 55, No. 5, 2018). Knoll, Matthias. In the age of digital transformation and disruptive business models the choice of a suitable architecture will play an increasingly important role when employing information technology within businesses of all sizes and industry sectors. Unfortunately, a systematic consideration of risks related to a specific decision for or against a certain architectural concept often is of minor importance. However, because architecture decisions are always strategic and bear long-term effects, a risk-based approach seems advisable, for example when IT auditors provide independent (project) assurance. Based on the Three-Lines-of-Defense-Model this article demonstrates which challenges each line of defense has to meet, where responsibilities should be assumed, and which tasks each line of defense has to take over.