Cyber Security Europe IT-SA 2019

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

INTERVIEW

cybersecurityeurope PAGE 48

stakeholders, in particular with the

public and private sectors. The German Alliance for Cybersecurity (ACS), a body initiated by the BSI, is a good example of a joint platform that includes valuable recommendations and ‘best practices‚ to protect enterprise networks against cyber attack incidents, for both technical and non-technical audiences. The ACS also promotes and organises meetings and workshops to foster information exchange.

CSE: In many European organisations, responsibility for cyber governance is now shifting from a largely IT responsibility to a responsibility that is shared with senior executives in

non-technological roles. What

effect will this transition have on enterprise cyber governance as we enter the 2020s?

AS: This shift is really a necessary and natural

development, I would say. The

secure handling of all information has become one of the key factors for the success of a company. Subsequently, the corresponding infrastructure – i.e., the information technology – has [what could be called] existential meaning for every organisation. This development has changed the perception of governance- and security professionals in many organisations: CEOs used to think that IT experts would prevent – or at least decelerate – organisational decisions. It was more comfortable to ignore them. Now, they are often sitting right next to the board to influence strategic thinking.

CSE: How does the BSI work with non- technical executive management in German organisations to help to improve understanding of the cyber security threats they face, and to improve their sum knowledge of enterprise cyber security practice?

AS: [It is true that] many executives have already realised that information security is now a prerequisite for a successful

[transformational] digitisation process. Hence, they are more open for arguments and measurements with regard to cyber security than they were three or four years ago. The BSI takes part in various events, working groups or publications – technical as well as non-technical – to improve the awareness in German organisations. We also attend events focused on CEOs and board-level executives, hoping to achieve a drop-down of cyber security understandings to every part of the company. But we’re not only there to advocate a cause. It’s more like a dialogue.

CSE: The BSI seems far more involved in the area of secure certification than are national cyber security agencies in other European states. If that’s correct, can you explain why this is?

AS: Well, in co-operation with our partner organisations from other EU member states, the BSI is putting much

IT now has existential meaning for every organisation... That’s changed the perception of governance.

significant effort into cyber security certification. Certification helps to raise the bar for attackers. It demands a common minimum degree of security.

It enables

regulations and procurement to make use of

measurable minimum requirements

for products and services. It also further enables industry to sell security based on an independent assessment of their offers. It is one of the motors of innovation in the realm of IT security – as security often does not sell by itself. When we mandate the usage of IT for every citizen, we need to make sure it fulfils highest standards to protect private information.

ACCREDITATION Words | James Hayes Photography | BSI

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28 | Page 29 | Page 30 | Page 31 | Page 32 | Page 33 | Page 34 | Page 35 | Page 36 | Page 37 | Page 38 | Page 39 | Page 40 | Page 41 | Page 42 | Page 43 | Page 44 | Page 45 | Page 46 | Page 47 | Page 48 | Page 49 | Page 50 | Page 51 | Page 52 | Page 53 | Page 54 | Page 55 | Page 56 | Page 57 | Page 58 | Page 59 | Page 60 | Page 61 | Page 62 | Page 63 | Page 64 | Page 65 | Page 66 | Page 67 | Page 68 | Page 69 | Page 70 | Page 71 | Page 72 | Page 73 | Page 74