Germany Country Report - Enisa - Europa
Germany Country Report - Enisa - Europa
Germany Country Report - Enisa - Europa
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
NIS awareness at the country level<br />
<strong>Germany</strong> <strong>Country</strong> <strong>Report</strong><br />
Training and awareness programmes and initiatives under the CIP Implementation Plan<br />
of the National Plan for Information Infrastructure Protection<br />
In order to increase awareness with respect to the importance of IT security, German operators of<br />
critical infrastructures have embarked on cross-sector cooperation with organisations of the public<br />
administrations, such as BSI, the Federal Criminal Police Office, the Federal Network Agency and<br />
the specialist ministries in charge. Joint exercises are held, such as the crisis management<br />
exercise across federal states, Länderübergreifende Krisenmanagement Exercise (LÜKEX).<br />
Awareness actions on emerging topics – cloud computing security requirements<br />
In September 2010, the German Federal Office for Information Security - Bundesamt für<br />
Sicherheit in der Informationtechnik (BSI) released a draft framework paper on information<br />
security issues related to cloud computing. The draft paper defines minimum security<br />
requirements for cloud solution service providers, and provides a basis for discussions between<br />
service providers and users. The paper addresses the following issues:<br />
� The definition of cloud computing<br />
� Service provider security management requirements<br />
� ID and rights management<br />
� Monitoring and security incident response<br />
� Emergency management<br />
� Security checks and verification<br />
� Requirements for personnel<br />
� Transparency<br />
� Organizational requirements<br />
� User control<br />
� Portability of data and applications<br />
� Interoperability<br />
� Data protection and compliance<br />
� Cloud certification<br />
� Additional requirements for public cloud service providers that support cloud solutions for<br />
the German Federal Administration.<br />
The BSI‟s goal is to work with stakeholders to develop appropriate security requirements that<br />
should be considered with respect to the provision of cloud services. A consultation was open on<br />
the above with service providers and users have, to review the paper and provide comments. The<br />
final version is expected for 2011.<br />
Awareness actions targeting the consumers/citizens<br />
The BSI für Bürger (BSI for the public) provides in cooperation with the BKA information about<br />
relevant NIS topics of interest for the citizens, such as how to prevent illegal traffic on website,<br />
general rules and laws around the Internet 46 .<br />
Also, on the Bürger-CERT platform, members of the public and responsible staff in small<br />
companies can receive information regarding viruses, worms, and other computer security risks.<br />
46 See: https://www.bsi-fuer-buerger.de/cln_030/ContentBSIFB/SicherheitImNetz/RechtImInternet/recht.html<br />
23