Club R2GS/SoSo - ICT Operational Security
Club R2GS - Operational Security Management Thought and Research Club
Le Club R2GS (Recherche et Réflexion en Gestion opérationnelle de la Sécurité)
German Chapter Club R2GS-SoSo:
Specification of Operational Security in Organizations
Operative Security in the Focus of Enterprises and Organizations in Germany
Cyber Defense Solution suggested:
Information Security Indicator (ISI) Catalogue shall be applied for the Evaluation of the Operative ICT Security & Safety of Enterprises and Organizations, i.e.
Security Incidents (Sicherheitsvorfälle) of External Attacks and Intrusions, Functional Failures, Uncertainties of internal Behaviour;
Known Vulnerabilities (Schwachstellen) of failing Personnel, Software, Configurations, general technical and organizational Vulnerabilities;
The fight against Incidents and Vulnerabilities is modeled by the R2GS-SoSo Cyber Defense & Security Model comprising 4 pillars of handling information in an organization for the purpose of Energy and Security Efficiency:
1. WHO --> Stakeholder Model [14 PS02 German]
i.e. ISO/IEC 29180, ITU-T X.1311 IT Security Framework for Ubiquitous Sensor Networks;
2. WHAT --> Information & Data Acquisition Model [14 PS01 German]
i.e. ISO/IEC/IEEE 42010:2011 System and SW Engineering Architecture Description;
3. HOW --> Security Architecture Model [14 PS03 German]
i.e. ISO/IEC 27044 SIEM, BSI IST/33 - ISO/IEC 19086 Security&Privacy Aspects of SLA;
4. WHY --> Compliance Model [14 PS04 German]
i.e. ISO/IEC 27001:2013, ISO/IEC 22301:2014 Continuity Management for Security in Enterprises and Organizations;
A Use Case related to pillar 3 is specified in [13 English: FINESCE Virtual Power Plant] and explains the 'side-effect' of Energy-Efficiency according to DIN EN ISO 50001-EMAS [PS5.2. German] that is achieved by the notion of 'System Stability'. System Stability Control is a complex measure indicating possible system vulnerabilities.
The underpinning Information Security Indicators (ISI) [1] related to pillar 4 are specified in the ISI-Quick Reference Card (IQR) of the Club R2GS-SoSo:
The above presented 4 pillars model helps enterprises and organizations in achieving their individual 'Pentagon of Trust'. Notice that each pillar represents specific sets of Cyber Defense Properties to be achieved:
Club R2GS-SoSo German Chapter Contacts:
Jan de Meer, +49 170 825 1087, fax: +49 (0)30 84 70 92 13, c/o smartspacelab.eu GmbH: demeer@smartspacelab.de
Axel Rennoch, FhG-FOKUS, axel.rennoch@fokus.fraunhofer.de
or address all issues of the Club R2GS-SoSo;
Club R2GS-SoSo documents of Interest:
[1] http://en.wikipedia.org/wiki/Information_security_indicator
[2] Gesetzentwurf der Bundesregierung zum IT Sicherheitsgesetz;
[3] Mehr Datenschutz und Betriebssicherheit durch Cyber-Security-Testing
(SQ-Magazin, 2015, Nr. 34, S. 28-31. Hrsg.: ASQF
https://www.asqf.de/mitgliedermagazin-sq-magazin.html)