Germany Country Report - Enisa - Europa
Resilience aspects
The key resilience aspects are addressed by the National Plan for Information Infrastructure
Protection (Nationaler Plan zum Schutz der Informationsinfrastrukturen, NPSI), which is the German
umbrella strategy for the protection of information infrastructures. The following strategic
objectives are set out in the NPSI:
• Prevention: Protecting information infrastructures adequately.
• Preparedness: Responding effectively to IT security incidents.
• Sustainability: Enhancing German competence in IT security – setting international
standards.
In line with this, key German stakeholders have developed several initiatives aimed at improving
the overall national resilience of the information infrastructures. For example, BSI issued the
Standard 100-4 – Business Continuity Management, a methodology for establishing and
maintaining an agency-wide or company-wide internal business continuity management system.
The methodology in this standard builds on the IT-Grundschutz methodology described in BSI
Standard 100-2.
This standard [44] is aimed at emergency or business continuity managers, crisis team members, the
people responsible for security, security officers, security experts, and security consultants who
are familiar with managing emergencies and crises of technical and non-technical origin.
Another example of an initiative aimed at improving the overall resilience level is the
guidance issued by BITKOM for data centers. This guide [45] offers support for the planning and
implementation of a data center, thus supplementing the existing standards and regulations which
one can turn to for support.
Privacy and trust
Status of implementation of the Data Protection Directive
The Data Protection Directive has been implemented into German law under the German
Federal Data Protection Act (the Bundesdatenschutzgesetz, or “BDSG” or “DPA”).
In August 2010, the German government approved a draft law concerning special rules for
employee data protection, originally proposed by BMI. The draft law would amend the German
DPA by adding provisions that specifically address data protection in the employment context. The
draft law covers nine key subject areas:
Employer Internet Searches
• Employers may use public information found through web searches, but may
only use information from social networks if the networking platform is intended
to present professional qualifications.
Medical Exams
• Medical assessments are permitted only as necessary to determine whether an
employee can fulfil job requirements.
Automated Data Scanning
• Allowed in anonymised or pseudonymised form to detect criminal activity or
other serious violations. If unauthorized activity is suspected, data may be
[44] See the BSI Standard 100-4 – Business Continuity Management document available at:
https://www.bsi.bund.de/cae/servlet/contentblob/748954/publicationFile/41759/standard_100-4_e_pdf.pdf
[45] See: http://www.bitkom.org/files/documents/Reliable_Data_Centers_guideline.pdf