Bureaucracy in the company, part 98765: Travel expense accounting
I recently met a colleague who is CISO at a large corporation in Germany. In addition to all kinds of technical topics, at some point during the conversation we also got to talking about the administrative processes in his organization. At this point in the conversation, the colleague really vented his frustration: he told me […]
What can you actually do with an AI management system in accordance with ISO 42001?
ISO 42001 will be exactly one year old in December 2024. As there aren’t that many of these certificates on the market yet, I have taken this as an opportunity to take a closer look at what you can actually do with such an AI management system. Introduction: Why and for what is ISO 42001 […]
Funding for IT security measures
Measures in small and medium-sized organisations that serve to increase IT security are often funded by the public sector. In order to strengthen the cyber resilience of these companies, various levels of government in Germany offer funding programmes. These programmes are designed to ease the financial burden of implementing advanced IT security measures and thus […]
Cyber attack with fake invoices
Cybercrime only affects the big players? Certainly not! Last week, we witnessed live how an attacker – unfortunately successfully – defrauded the customers of a retailer and stole a considerable amount of money in the process. What happened? Previously unknown perpetrators have forged purchase contracts from a medium-sized trading company and replaced the bank details […]
Personal liability for violations of the NIS 2 Directive
Personal liability of the management bodies: The NIS 2 Directive introduces new personal liability for management bodies for the implementation of cyber security measures. This means that board members and managing directors can be held personally liable if a company fails to comply with the requirements of the directive and a cyberattack occurs. Proactive cyber […]
ISMS according to ISO 27001 helps when taking out cyber insurance
Over the past six months, we have held numerous discussions with medium-sized organisations of various sizes that would like to take out new cybersecurity insurance or adapt existing policies. The consistent tenor that we have heard everywhere is that it is becoming increasingly challenging to obtain affordable policies at all. Insurance against cybersecurity risks is […]
Proactively meeting the requirements of the NIS2 directive
The second version of the Network and Information Security Directive (NIS 2) came into force in the EU at the beginning of 2023. The EU member states must transpose NIS 2 into national law by 17 October 2024. In Germany, the Federal Ministry of the Interior has already submitted a draft bill for an NIS2 […]
Trends and developments in the cyber security landscape
Although the new year is already a few days old, annual kick-off events are still in full swing everywhere. So we too have been thinking about what to expect in terms of information and IT security in 2024. Based on current trends and developments in the cyber security landscape, we anticipate the following challenges: Organisations […]
ISO 27001 Outlook 2024
Conversion to the latest version of the standard: Companies that are certified according to the international standard ISO 27001 will have to think about converting their ISMS to the latest version of the standard in 2024. Now that the final version of the German translation is finally due to be available in January 2024, all German-speaking standard […]
Employees pose a greater threat to IT security than hackers
In the past two years, more than a third (37 per cent) of all cyber security incidents in Germany were due to employee misconduct. Hackers were only responsible for around 27 per cent of cyber security incidents. Security incidents were often related to negligence, but 30 per cent were due to phishing attacks. 15 per […]