<p>Cybersecurity has gained significant importance in recent years. Today, the question is no longer if a&#xa0;company will become the target of a&#xa0;cyberattack, but when. Consequently, the systematic strengthening of organizational resilience has moved into the spotlight. Although numerous cybersecurity models exist, each with different focuses and recommended measures, their very diversity often makes it difficult for companies to systematically assess their security posture and derive concrete improvement actions. This paper pursues a&#xa0;practical and application-oriented goal: it consolidates key elements from established cybersecurity frameworks, including Microsoft’s 98% Protection Model, measures from the NIS2 Directive, Annex&#xa0;A of ISO 27001, Business Continuity Management according to the German Federal Office for Information Security (BSI), and crisis management principles based on the German Fire Service Regulation (FwDV). These components are integrated into a&#xa0;compact action catalogue and translated into a&#xa0;maturity model aligned with the four implementation tiers of the NIST Cybersecurity Framework (partial, risk-informed, repeatable, adaptive). The result provides organizations with a&#xa0;pragmatic tool for self-assessing their cyber resilience and offers actionable guidance for the ongoing development of their cybersecurity strategy.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Vom Modell zur Maßnahme: Orientierung für Unternehmen im Cybersecurity-Dschungel

  • Kevin Palinkas,
  • Arne Buchwald

摘要

Cybersecurity has gained significant importance in recent years. Today, the question is no longer if a company will become the target of a cyberattack, but when. Consequently, the systematic strengthening of organizational resilience has moved into the spotlight. Although numerous cybersecurity models exist, each with different focuses and recommended measures, their very diversity often makes it difficult for companies to systematically assess their security posture and derive concrete improvement actions. This paper pursues a practical and application-oriented goal: it consolidates key elements from established cybersecurity frameworks, including Microsoft’s 98% Protection Model, measures from the NIS2 Directive, Annex A of ISO 27001, Business Continuity Management according to the German Federal Office for Information Security (BSI), and crisis management principles based on the German Fire Service Regulation (FwDV). These components are integrated into a compact action catalogue and translated into a maturity model aligned with the four implementation tiers of the NIST Cybersecurity Framework (partial, risk-informed, repeatable, adaptive). The result provides organizations with a pragmatic tool for self-assessing their cyber resilience and offers actionable guidance for the ongoing development of their cybersecurity strategy.