Published On: 27. July 2021

The IT Security Act 2.0

IT infrastructures are essential foundations for our social and economic life. This makes it all the more important to ensure adequate protection through the IT Security Act, which was renewed as version 2.0 in 2021.

Since it came into force in May, the law has drawn a lot of criticism and introduced new requirements. Its aim is to increase the security of IT systems and strengthen the position of the Federal Office for Information Security (BSI).

Companies with a special public interest (e.g. with great economic significance) are now subject to the same obligations as operators of critical infrastructure (e.g. in the areas of energy, water, health, etc.).

The obligations include reporting security breaches and complying with minimum protection standards for IT systems. Companies report on these themselves as part of a self-declaration on certifications, security audits and security measures.

B3S: Requirements for organizations

B3S refers to industry-specific security standards that define the current state of the art for all operators within an industry in coordination with the BSI. This also includes the BSI’s specification of the requirements for the measures to be implemented in accordance with Section 8a (1) BSIG.

What requirements must operators of critical infrastructures fulfill according to the B3S? A brief overview.

Incidentally, the security standards are also suitable as a guide for non-KRITIS organizations.

Take measures early on to protect your IT systems. Automated and secure self-service solutions for the access and identity journey of your employees and customers support you in firmly anchoring IT security in your company.

As experts in management software with two specialized solutions for IT security, we can support you. With the BAYOOSOFT Access Manager, you can use our in-house tool for automated authorization management for file servers, SharePoint, Active Directory and third-party systems.

While you use the solution to sustainably reduce operational costs, e.g. in IT administration, you increase information security through monitoring, auditing and transparent reporting for data managers in your specialist departments.

Good to know

Are you familiar with the BSI’s “Best Practice” recommendations for critical infrastructures? We have summarized interesting facts about authorization management for KRITIS in a blog.

Email encryption made easy with gpg4o

The exchange of sensitive data with other people is ubiquitous, whether in a professional context or in the private sharing of unpublished designs. The intention is, of course, that such e-mails should only reach selected recipients. But hackers usually have an easy time of it.

gpg4o prevents third parties from accessing sensitive data. And this is how it works: E-mails are double-encrypted using an asymmetric procedure. This means that e-mails intercepted by third parties and decrypted in the first step are still protected.

Is your company looking for a strong partner for management software solutions?

Contact us now and we will present our products to you without obligation. 
