{"id":2629,"date":"2021-10-21T16:25:10","date_gmt":"2021-10-21T14:25:10","guid":{"rendered":"https:\/\/ur4-tia.com\/cyber-security\/"},"modified":"2022-03-02T15:53:52","modified_gmt":"2022-03-02T14:53:52","slug":"cyber-security","status":"publish","type":"page","link":"https:\/\/ur4-tia.com\/en\/guide-information\/cyber-security\/","title":{"rendered":"Cyber security"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

What is Cyber Security?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Definition of Cyber Security<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tCyber \u200b\u200bsecurity<\/strong>\u00a0(also known as\u00a0cybersecurity<\/strong>) is a discipline of\u00a0IT security<\/strong>\u00a0that has become increasingly important in recent years, both internally and regarding the public.\r\n\r\nIt deals with protection against all kinds of risks and threats from cyberspace.\u00a0The focus is on all elements of communication and information technology that are connected to the intranet or internet via corresponding online components and are therefore vulnerable per se.\u00a0In terms of IT systems, cyber security primarily considers their technical components (communication components, applications, processed data and information), but also the processes whose work steps affect online components.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Cyber security relevance<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tThe rise in relevant incidents year after year shows what is in store for businesses and individuals in an increasingly connected world. The pandemic years of 2020 and 2021, in which distributed working has led to a multiplication of potential points of attack between companies, private households with home or mobile office workplaces, and the communication links in between, foreshadows interesting statistical material. But the fact remains: In the complexity and dynamics of modern infrastructures, especially with regard to Industry 4.0 and IoT, this becomes an undertaking that, if it goes awry, can quickly attack the economic viability of the company.\r\n\r\nIn the clinical or infrastructure environment, critical incidents can actually endanger life and limb. For this reason, governments define special requirements for these critical infrastructures, exemplified by CRITIS in Germany, the ISO 27000 journey and the BSI 200 standards.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"Cyber\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"Cyber\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tFigure 1: IT security in Germany 2020\r\n\r\nSource: BSI-LB20\/509: Die Lage der IT-Sicherheit in Deutschland 2020, Bundesamt f\u00fcr Sicherheit in der Informationstechnik (BSI), S. 36\/37\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Cyber threats as a challenge for organizations and companies: Cyber security is more than virus protection and DMZ<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tThe discipline of cyber security<\/strong>\u00a0is characterized by complexity and dynamism.\u00a0It combines aspects from a wide variety of perspectives, but also has interfaces and overlaps with other disciplines.\r\n\r\nThe need for cyber security is no longer science fiction, but hard reality: whether it is an unintentional or targeted virus attack, internally or externally driven data theft, ransomware attacks on end devices as well as central systems for the purpose of blackmail, or simply trials of strength with scripts -Kiddies, experience-oriented zero-day exploitists through to real hackers with specific assignments from the broad field of economic and industrial espionage, or pure destructiveness and the desire for chaos and\/or attention: cyber security deals with all of these scenarios .\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tOur reading and subscription tip: the BSI’s annual report “The situation of IT security in Germany” is published annually and is available free of charge online and as a print edition.\r\n\r\nAn absolute must-read for anyone interested in the subject.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\tTo the annual report<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Cyber threats as a challenge for organizations and companies<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tCyber \u200b\u200bsecurity is largely to be understood as risk management.\u00a0Whether financially oriented cybercrime (e.g. in the form of the increasing number of phishing and ransomware attacks, including subsequent attempts at blackmail), politically motivated cyberattacks (e.g. to disclose genuine or disseminate falsified critical information to discredit public officials), or genuine cyberterrorism (e.g. attacks on control units of critical infrastructure elements) to create widespread chaos, panic and instability:\r\n\r\nIn the context of cyber security, it is always necessary to foresee new and ever more innovative attack variants, to harden infrastructures and organizations and to react appropriately to experienced digital attack situations.\r\n\r\nOn the attacker side, there are always completely new \u201cprofessions\u201d for which cyber security has to prepare.\u00a0A few years ago, many of the current threats were only theoretically conceivable, but could hardly be implemented in practice.\r\n\r\nWith the increasing networking of all areas of life in the different economic sectors, it is apparently more and more “worthwhile” for criminal elements of different weight classes and different target orientations to become active. Especially in the context of Industry 4.0 and the Internet of Things (IOT), completely new threat scenarios are emerging: the more components of daily life have direct contact with the Internet, the greater the potential for damage and the associated attractiveness for disruptors.\r\n\r\nOn the side of those affected, there are not only “small, overwhelmed medium-sized companies” who do not have sufficient resources and skills to protect themselves effectively or at least to be able to react appropriately.\u00a0Large companies and increasingly also state organizations, which at least theoretically have legions of capable architects, hardware and software experts at their disposal, are struggling with the situation.\u00a0In some cases, the potential image damage is much higher than the direct economic damage caused by data loss or corrupt data, for example.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Goals of cyber security - not just processes and measures, but (also) a state<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tVery similar to how information security describes both processes and a state, cyber security also has\u00a0a defined target image<\/strong>: the state of a security situation in cyberspace in which risks from this for one’s own organization are reduced to at least an appropriate level.\r\n\r\nThere is no such thing as absolute security, especially not in cyberspace.\u00a0Even if a lot of hope is placed, for example, in future support from artificial intelligence, with the dynamics and complexity of the virtual world, the almost infinite number of interfaces and the bringing together of potentially very different interests worldwide:\r\n\r\nOn a permanent virtual construction site, where every little screw can represent a potential weak point, perfect risk prevention is simply not possible by human standards.\u00a0It will always be a game of cat and mouse.\r\n\r\nThe aim must therefore be that in a management system, points of attack and risks with the probability of occurrence and potential damage are clearly analyzed, evaluated and ideally neutralized in advance using suitable means.\r\n\r\nAnd on the other hand, on the measures side, if a cyber security incident occurs, the effects are reduced as far as possible – through clear responsibilities, unambiguous process, and information channels as well as dynamically adaptable or even self-regulating emergency plans.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

framework of cyber security<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tCyber \u200b\u200bsecurity as a discipline<\/strong>\u00a0is critical, but there is discussion about where its limits are and what requirements must be met.\r\n\r\nOn closer inspection, there are hardly any detailed guidelines on cyber security, which is of course also due to the dynamic nature of the topic.\u00a0Many specifications are generally and technology-independently defined in the form of guiding principles or basic rules and can therefore be adapted relatively easily to new developments.\r\n\r\nThe requirements, which are formulated, can be found within the company in explicit or implicit company descriptions and procedural instructions, rules of conduct and the like.\r\n\r\nThere are also legal requirements and specifications<\/strong>, in Germany for example\r\n