Posts


VIDEO: TISAX® prototype protection – what are prototypes and what should be considered?

In addition to information security and data protection, there is a third area in which the VDA-ISA defines requirements. In the video, we deal with this third area with the topic: “TISAX® prototype protection”.


NIS2 – Security of Network and Information Systems 2.0 for more cybersecurity in the EU

At the end of 2020, the EU Commission presented a draft for the Security of Network and Information Systems (NIS) 2.0 directive. This is intended to replace the NIS Directive, which became the first EU-wide cybersecurity law to come into force in August 2016. The new draft makes further demands on companies with regard to cybersecurity.


Another vulnerability in Microsoft Exchange servers

The widely used Microsoft Exchange mail server has again been targeted by cyber criminals. Last week, security researcher Orange Tsai presented a new attack method against this software, called ProxyShell, at the BlackHat security conference. Criminals are now actively looking for this loophole and exploiting it, as the evaluations of various honeypots show. In computer security, a honeypot is, for example, a server that simulates the network services of a computer or of an entire computer network. Honeypots are used to obtain information about attack patterns and attacker behavior. Based on the information obtained in this way, the situation is to be regarded as very critical, especially if the Microsoft Exchange Server can be reached via the Internet, which is currently the case with over 400,000 servers.


Difference between TISAX® and ISO 27001

Information security in the company is becoming increasingly important. In this context, the establishment and maintenance of an information security management system, ISMS for short, is of central importance. In order to successfully master this project, TISAX® and ISO 27001 are often referred to. This blog article will therefore highlight the difference between TISAX® and ISO 27001.


Fire at OVHcloud

Data in the cloud must also be secured!

The serious fire at Europe’s largest cloud provider OVHcloud last week vividly illustrates the consequences that can occur for companies if IT security is not given appropriate priority.
Due to the fire, all servers had to be shut down. The result: according to media reports, more than 3 million websites were at least temporarily unavailable. Among them were also those of smaller government institutions in various countries. And: Some customers lost data completely.
Many companies are only slowly realizing that IT security is not optional. Nevertheless, many still deal with the topic far too superficially and in many cases simply rely on “the cloud”.
The devastating fire at OVHcloud is a good example of what this can lead to. According to press reports, a number of customers lost data for good because they had not provided a sufficient backup.


Risk in the area of information security and data protection intensified by Corona

The corona pandemic has given SMEs in particular a boost in digitization. Collaboration tools have reached an unprecedented level of penetration. Working from home is widely accepted by employers. For many companies and employees, everyday working life has improved and become easier. Despite all the euphoria, one shouldn’t forget data protection and information security. The BSI (short for Federal Office for Information Security) also points this out in its “Report on the Situation of IT Security in Germany 2020” from October 20, 2020, in which it states that the attack surface and the associated cyber threat from criminals increased during the pandemic.

Data protection in data and paper archives

The digitization of processes, the outsourcing of data to cloud solutions, email archiving, the implementation of the GoBD requirements for documenting digital business processes with corresponding storage solutions and backups, and the handling of the extensive IT security and data protection requirements that result from all this are all at the center of the action.

Information security and data protection in clouds

Data storage is increasingly moving to the cloud, away from local servers. What many companies are not aware of: although it is convenient to have to worry about hardly anything, you still have to ensure data protection and information security yourself.


Information security, IT security and data protection – terms simply explained

Information security, data protection and IT security are three terms that are often used in the same context in everyday life, but have different meanings. The corresponding measures usually go hand in hand, but data protection, data security and IT security have very different priorities. All three areas are of crucial importance within a company. You can find out what is important in detail and what the specific differences are in the blog article.


Response to Schrems II judgment: US Department of Commerce publishes white paper

The judgment of the European Court of Justice, which determined the ineffectiveness of the Privacy Shield Agreement between the European Union and the USA (Schrems II), did not go unnoticed in the USA either. In response, the US Department of Commerce has now published a white paper on data protection risk analysis as part of data export to the USA.
