Contact
QR code for the current URL

Story Box-ID: 941643

Bundesverband IT-Sicherheit e.V. (TeleTrusT) Chausseestraße 17 10115 Berlin, Germany https://www.teletrust.de
Contact Mr Dr. Holger Mühlbauer +49 30 40054306

What is "state of the art" in IT security?

ENISA and TeleTrusT - IT Security Association Germany have published their guidelines in English

(PresseBox) (Berlin, )
In many European countries, national legislators are pursuing the objective of reducing the deficiencies in IT security. In addition, the General Data Protection Regulation (EU) 2016/679 (GDPR) with its high requirements for technical and organisational measures has been in force since May 25, 2018. Both legal sources are demanding that IT security be brought up to the level of "state of the art", but do not say what should be understood by this in detail. In Germany, TeleTrusT - IT Security Association Germany has written guidelines that will be published in English in cooperation with the European Union Agency for Network and Information Security (ENISA).

Daily reports on security incidents in companies and authorities show that there is an urgent need for action to improve IT security. Article 32 of the GDPR regulates "security of processing" to ensure that, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, appropriate technical and organisational measures are implemented. This provision is aimed at ensuring a level of protection appropriate to the risk.

Both national and European legislators are, however, abstaining from laying down concrete, detailed technical requirements and evaluation criteria for technical and organisational measures in the field of security. No methodological approaches are provided to those who must comply with the law. This policy, especially in a dynamic market environment, must be left to the experts.

In this context, the document published on the "state of the art" in IT security provides concrete advice and recommendations for action. These guidelines are intended to provide companies, providers (manufacturers, service providers) alike with assistance in determining the "state of the art" within the meaning of the IT security legislation. The document can serve as a reference for contractual agreements, procurement procedures or the classification of security measures implemented. They are not a replacement for technical, organisational or legal advice or assessment in individual cases.

The English version of the document that has now been published will support companies in all EU countries in identifying the required level of security in the field of IT security.

Dr. Udo Helmbrecht, ENISA Executive Director: "ENISA continues its work in supporting the EU Member States by contributing to this handbook. The articles are designed to provide concrete information and recommendations on how to improve IT security. This booklet should be a useful guide to IT practitioners who have the responsibility for complying with legislation."

TeleTrusT Chairman Prof. Dr. Norbert Pohlmann: "By determining the state of the art, we will be able to adequately increase the level of IT security, strengthen our robustness against cyber attacks and thus significantly reduce the risk of ongoing digitalisation."

TeleTrusT Board Member Karsten U. Bartels: "The consideration of the state of the art is a technical, organisational and legal task for companies and authorities. The guidelines help very specifically at these three levels - both in the operative implementation and in the documentation."

English version: https://www.teletrust.de/...

German version: https://www.teletrust.de/...

Website Promotion

Website Promotion
TeleTrusT - IT Security Association Germany

Bundesverband IT-Sicherheit e.V. (TeleTrusT)

TeleTrusT – IT Security Association Germany

The IT Security Association Germany (TeleTrusT) is a widespread competence network for IT security comprising members from industry, administration, consultancy and research as well as national and international partner organizations with similar objectives. With a broad range of members and partner organizations TeleTrusT embodies the largest competence network for IT security in Germany and Europe. TeleTrusT provides interdisciplinary fora for IT security experts and facilitates information exchange between vendors, users, researchers and authorities. TeleTrusT comments on technical, political and legal issues related to IT security and is organizer of events and conferences. TeleTrusT is a non-profit association, whose objective is to promote information security professionalism, raising awareness and best practices in all domains of information security. TeleTrusT is carrier of the "European Bridge CA" (EBCA; PKI network of trust), the IT expert certification schemes "TeleTrusT Information Security Professional" (T.I.S.P.) and "TeleTrusT Professional for Secure Software Engineering" (T.P.S.S.E.) and provides the trust seal "IT Security made in Germany". TeleTrusT is a member of the European Telecommunications Standards Institute (ETSI). The association is headquartered in Berlin, Germany.

The publisher indicated in each case (see company info by clicking on image/title or company info in the right-hand column) is solely responsible for the stories above, the event or job offer shown and for the image and audio material displayed. As a rule, the publisher is also the author of the texts and the attached image, audio and information material. The use of information published here is generally free of charge for personal information and editorial processing. Please clarify any copyright issues with the stated publisher before further use. In case of publication, please send a specimen copy to service@pressebox.de.
Important note:

Systematic data storage as well as the use of even parts of this database are only permitted with the written consent of unn | UNITED NEWS NETWORK GmbH.

unn | UNITED NEWS NETWORK GmbH 2002–2024, All rights reserved

The publisher indicated in each case (see company info by clicking on image/title or company info in the right-hand column) is solely responsible for the stories above, the event or job offer shown and for the image and audio material displayed. As a rule, the publisher is also the author of the texts and the attached image, audio and information material. The use of information published here is generally free of charge for personal information and editorial processing. Please clarify any copyright issues with the stated publisher before further use. In case of publication, please send a specimen copy to service@pressebox.de.