Vom Modell zur Maßnahme: Orientierung für Unternehmen im Cybersecurity-Dschungel
摘要
Cybersecurity has gained significant importance in recent years. Today, the question is no longer if a company will become the target of a cyberattack, but when. Consequently, the systematic strengthening of organizational resilience has moved into the spotlight. Although numerous cybersecurity models exist, each with different focuses and recommended measures, their very diversity often makes it difficult for companies to systematically assess their security posture and derive concrete improvement actions. This paper pursues a practical and application-oriented goal: it consolidates key elements from established cybersecurity frameworks, including Microsoft’s 98% Protection Model, measures from the NIS2 Directive, Annex A of ISO 27001, Business Continuity Management according to the German Federal Office for Information Security (BSI), and crisis management principles based on the German Fire Service Regulation (FwDV). These components are integrated into a compact action catalogue and translated into a maturity model aligned with the four implementation tiers of the NIST Cybersecurity Framework (partial, risk-informed, repeatable, adaptive). The result provides organizations with a pragmatic tool for self-assessing their cyber resilience and offers actionable guidance for the ongoing development of their cybersecurity strategy.