The IT Security Act 2.0
IT infrastructures are essential foundations for our social and economic life. This makes it all the more important to ensure adequate protection through the IT Security Act, which was renewed as version 2.0 in 2021.
Since it came into force in May, the law has drawn a lot of criticism and introduced new requirements. The aim of the new law is to increase the security of IT systems and strengthen the position of the Federal Office for Information Security (BSI).
Companies with a special public interest (e.g. with great economic significance) are now subject to the same obligations as operators of critical infrastructure (e.g. in the areas of energy, water, health, etc.).
The obligations include reporting security breaches and complying with minimum protection standards for IT systems. Companies report on these themselves as part of a self-declaration covering certifications, security audits and security measures.
B3S: Requirements for organizations
B3S refers to industry-specific security standards that, in coordination with the BSI, define the current state of the art for all operators within an industry. This also includes the BSI’s specification of the requirements for the measures to be implemented in accordance with Section 8a (1) BSIG.
What requirements must operators of critical infrastructures fulfill according to the B3S? A brief overview.
Incidentally, the security standards are also suitable as a guide for non-KRITIS organizations.
Take measures early on to protect your IT systems. Automated and secure self-service solutions for the access and identity journey of your employees and customers support you in firmly anchoring IT security in your company.
As experts in management software with two specialized solutions for IT security, we can support you. With the BAYOOSOFT Access Manager, you can use our in-house tool for automated authorization management for file servers, SharePoint, Active Directory and third-party systems.
While you use the solution to sustainably reduce operational costs, e.g. in IT administration, you increase information security through monitoring, auditing and transparent reporting for data managers in your specialist departments.
Good to know
Are you familiar with the BSI’s “Best Practice” recommendations for critical infrastructures? We have summarized interesting facts about authorization management for KRITIS in a blog.