News

Business Continuity Management in ISO 27002:2022

7 March, 2022 | News, Norms & Standards

In February 2022, ISO 27002 "Information security, cybersecurity and privacy protection - Information security controls" was updated; the 2022 version replaces its predecessor from 2013. ISO 27002 is the guidance for implementing the requirements from ISO 27001 and consequently is not itself a certification standard. Certification continues to be based on the ISO 27001 standard. The title of the standard has been changed (formerly: "Information technology - Security techniques - Code of practice for information security controls"), and so has the structure of the controls, for example by assigning attributes to the individual controls. In addition, controls have been merged, descriptions updated and controls deleted. These changes will be included in the ISO 27001 update and will be mandatory for future ISO 27001 certifications. The following controls were added: Threat intelligence; Information security for use of cloud services; ICT readiness for business continuity; Physical security monitoring [...]

High availability and disaster recovery: What lies ahead for IT in 2022

13 December, 2021 | News

In 2021, IT teams had to cope with enormous changes and protect their critical operations against unprecedented threats from Covid, natural disasters, supply chain disruptions and staff shortages. Many moved mission-critical systems to the cloud and hybrid cloud and implemented advanced, application-specific high-availability clustering and disaster recovery solutions. The impact of global change and looming threats continues. What do these changes mean for IT in the coming year? Here are some predictions to consider.

Multi-cloud infrastructures will become mainstream

With the widespread adoption of cloud computing as a core component of today's IT infrastructures, organizations will no longer consider a single cloud for their cloud needs. Despite the added complexity of running different workloads on different clouds, a multi-cloud model will allow enterprises to select cloud offerings that are best suited for their unique application environments, availability requirements and business needs. However, enterprises should note that cloud SLAs [...]

Emergency drills – stumbling blocks and importance

31 August, 2021 | News, Safety

Due to multiple threat possibilities (e.g. natural phenomena, increasing dependencies on information technology, international terrorism, blackouts, pandemics, etc.), emergency drills are an important tool to prepare a company/organization for such scenarios. Only those who are prepared and feel prepared can handle an emergency adequately and in a timely manner. If this is not the case, emergencies can develop into crises or even disasters for one's own company/organization or even for other stakeholders. This article is intended to shed a little light on the complex topic of emergency drills, emphasizing the importance and problem areas of such drills by highlighting some aspects. Thus, there is by no means any claim to completeness.

Importance of emergency drills

As mentioned earlier, we are all virtually at the mercy of a variety of threats that can result in physical or financial damage or damage to reputation. These potential threats are difficult for [...]


Makeshift hospitals in times of Corona

19 August, 2021 | Interest, News

In the times of the Cold War, the provision of makeshift hospitals, also called auxiliary hospitals or emergency hospitals, was part of the legally obligatory precautions of the federal states with the support of the federal government. The basis for this in Germany is § 15 of the law on civil defense of 09 August 1976, which has already been replaced by a new version of 1997. In the currently valid version of the Civil Defense Act, there are no longer any requirements for the provision of auxiliary hospitals, although the current Corona situation shows that makeshift hospitals are needed more than ever to ensure medical care for the people. Time and again, the media report on plans to build makeshift hospitals to physically separate Corona-infected people from other patients and thus reduce the spread of the infection. The German pioneer is Berlin, where a hospital is being [...]


“New Normal” – Really that new?

18 August, 2021 | Interest, News

In many places, life with and after SARS-Covid-19 is currently being described as the new normal. But much of what is supposed to be "new" is not so new. I dare to take a look back. The call of the tower guard: "Close the gates" announced imminent danger. The "lockdown" was the consequence. Isolation and waiting (historically: quarantine = 40 (Italian: quaranta) days waiting period for ships entering the port of Venice to protect the narrow city from epidemics) were always the first step to ward off an epidemic. So far, nothing new. But behind the term "New Normal" lies the question of how to shape the future. And not just in dealing with a pandemic event. In terms of business processes, this means formulating modified requirements for business continuity management (BCM). Because closing the gates and waiting will have consequences: Necessary movements of people and goods are [...]

Crisis management in hospitals

13 August, 2021 | Interest, News

Incidents in hospitals are not uncommon. Statistics show that every day there is a cyberattack, every week a fire, every month an external threat (e.g., supply shortages), and every year a police incident that can present challenges to hospitals. The most recent example is the hacker attack on the University Hospital in Düsseldorf, North Rhine-Westphalia. The actual extortion letter was directed at the university in Düsseldorf; however, the hospital was also massively affected. Due to the encryption of patient data, normal operations were no longer possible. As a result, patients of the ambulance service were diverted. One person died in the process, resulting in a charge of involuntary manslaughter. Through contact between the police and the blackmailers, the danger to people was pointed out, whereupon a decryption code was issued. Nevertheless, repercussions are still present today and normal operations have not yet been fully restored. This example shows [...]

Ransomware in the hospital – only now a danger?!

13 August, 2021 | News

A ransomware attack on a hospital can have far-reaching consequences for the healthcare sector. In addition to the loss or theft of data, the failure of IT systems is also a crisis situation for hospital business. The damage is not only delayed medical care; financially, too, such an event can develop into an existential threat, especially when there is blackmail involving large sums of money. This makes it all the more surprising that it is only now that this danger posed by ransomware to hospitals is being publicly addressed and specifically warned against. The example of a hospital network in Rhineland-Palatinate and Saarland, which was affected by ransomware in 2019 and had to compensate for several days of IT outages, is representative of many more events of this kind, most of which have not been publicly discussed. It is estimated that about 64% of hospitals [...]

Come with us ahead of the situation!

13 August, 2021 | News

In the event of a fire, fire extinguishers are ready and waiting in your buildings. But how are you prepared for other crises that have an existential impact on your day-to-day business and your company's success? That is exactly what we are experts in! In this blog, we would like to shed light on exciting topics related to business continuity and address everyday as well as unusual issues. We look forward to your comments and suggestions!

An article by Robert Osten, published on 16 November 2018. Translated by Charlotte Ley.


Cyber Due Diligence

30 September, 2019 | News

The need for cyber due diligence in a merger or acquisition is more relevant than ever. On 9 July 2019, the UK Information Commissioner's Office (ICO) announced that it would issue Marriott International with a £99 million fine for breach of European data protection law under the European Data Protection Regulation (GDPR). The fine relates to a breach of Starwood Hotels, one of Marriott International's recent acquisitions. Over 500 million of its guests may have been affected. The ICO's report says "Marriott failed to exercise sufficient diligence in the Starwood acquisition and should have done more to secure its systems". This failure underscores the need for parent companies and investment firms to improve their management of the security and privacy risks associated with their acquisitions and subsidiaries and to reckon with appropriate sanctions. Mergers and acquisitions inevitably entail financial, legal and reputational risks. The Marriott case is one [...]
