Club R2GS-SoSo english - BEST CD

Club R2GS/SoSo - IKT-Betriebssicherheit

Club R2GS - Operational Security Management Thought and Research Club

Le Club R2GS (Recherche et Réflexion en Gestion opérationnelle de la Sécurité

German Chapter Club R2GS-SoSo:

Spezification of Operational Security in Organizations

Operative Security in the Focus of Enterprises and Organizations in Germany

Cyber Defense Solution suggested:

Information Security Indicator (ISI) Catalogue shall be applied for the Evaluation of the Operative ICT Security & Safety of Enterprises and Organizations, i.e.

Security Incidents (Sicherheitsvorfälle) of External Attacks and Intrusions, Functional Failures, Uncertainties of internal Behaviour;

Known Vulnerabilities (Schwachstellen) of failing Personnel, Software, Configurations, general technical and organizational Vulnerabilities;

The fight against Incidents and Vulnerabilities is modeled by the R2GS-SoSo Cyber Defense & Security Model comprising 4 pillars of handling information in an organization for the purpose of Energy and Security Efficiency:

1. WHO --> Stakeholder Model [14 PS02 German]

i.e. ISO/IEC 29180, ITU-T X.1311 IT Security Framework for Ubiquitious Sensor Networks;

2. WHAT --> Information & Data Acquistion Model [14 PS01 German]
i.e. ISO/IEC/IEEE 42010:2011 System and SW Engineering Architecture Description;

3. HOW --> Security Architecture Model [14 PS03 German]

i.e. ISO/IEC 27044 SIEM, BSI IST/33 - ISO/IEC 19086 Security&Privacy Aspects of SLA;

4. WHY --> Compliance Model [14 PS04 German]

i.e. ISO/IEC 27001:2013, ISO/IEC 22301:2014 Continuity Management for Security in Enterprises and Organizations;

The integrated 4 pillars model is in-line to the cyclic SIEM model [3] (with respect to ISO/IEC 27044) but is more formal with respect to intended semantics; In order to achieve a higher Security Assurance Level (SLA) the models shall be applied recursively.

For formal model checking purposes the R2GS-SoSo Cyber Defense & Security Model uses the Modelling Tool of the dEIn-lab of the Technical University Berlin [12 German: Regelbasiertes Modellieren]

A Use Case related to pillar 3 is specified in [13 English: FINESCE Virtual Power Plant] and explains the 'side-effect' of Energy-Efficiency according to DIN EN ISO 50001-EMAS [PS5.2. German] that is achieved by the notion of 'System Stability'. System Stability Control is a complex measure indicating to possible system vulnerabilities.

The underpinning Information Securitry Indicators (ISI) [1] related to pillar 4 are specified in the ISI-Quick Reference Card (IQR) of the Club R2GS-SoSo:

The above presented 4 pillars model helps enterprises and organizations in achieving their individual 'Pentagon of Trust'. Notice that each pillar represents specific sets of Cyber Defense Properties to be achieved:

Club R2GS-SoSo German Chapter Contacts:

Jan de Meer, +49 170 825 1087, fax: +49 (0)30 84 70 92 13, c/o smartspacelab.eu GmbH: demeer@smartspacelab.de

Axel Rennoch, FhG-FOKUS, axel.rennoch@fokus.fraunhofer.de

or address all issues of the Club R2GS-SoSo;

Club R2GS-SoSo documents of Interest:

[1] http://en.wikipedia.org/wiki/Information_security_indicator

[2] Gesetzentwurf der Bundesregierung zum IT Sicherheitsgesetz;

[3] Mehr Datenschutz und Betriebssicherheit durch Cyber-Security-Testing

(SQ-Magazin, 2015, Nr. 34, S. 28-31. Hrsg.: ASQF
https://www.asqf.de/mitgliedermagazin-sq-magazin.html)