What is “state of the art” in IT security?

In many European countries, national legislators are pursuing the objective of reducing the deficiencies in IT security. In addition, the General Data Protection Regulation (EU) 2016/679 (GDPR) with its high requirements for technical and organisational measures has been in force since May 25, 2018. Both legal sources are demanding that IT security be brought up to the level of "state of the art", but do not say what should be understood by this in detail. In Germany, TeleTrusT – IT Security Association Germany has written guidelines that will be published in English in cooperation with the European Union Agency for Network and Information Security (ENISA).

Daily reports on security incidents in companies and authorities show that there is an urgent need for action to improve IT security. Article 32 of the GDPR regulates "security of processing" to ensure that, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, appropriate technical and organisational measures are implemented. This provision is aimed at ensuring a level of protection appropriate to the risk.

Both national and European legislators are, however, abstaining from laying down concrete, detailed technical requirements and evaluation criteria for technical and organisational measures in the field of security. No methodological approaches are provided to those who must comply with the law. This policy, especially in a dynamic market environment, must be left to the experts.

In this context, the document published on the "state of the art" in IT security provides concrete advice and recommendations for action. These guidelines are intended to assist companies and providers (manufacturers, service providers) alike in determining the "state of the art" within the meaning of the IT security legislation. The document can serve as a reference for contractual agreements, procurement procedures or the classification of security measures implemented. It is not a replacement for technical, organisational or legal advice or assessment in individual cases.

The English version of the document that has now been published will support companies in all EU countries in identifying the required level of security in the field of IT security.

Dr. Udo Helmbrecht, ENISA Executive Director: "ENISA continues its work in supporting the EU Member States by contributing to this handbook. The articles are designed to provide concrete information and recommendations on how to improve IT security. This booklet should be a useful guide to IT practitioners who have the responsibility for complying with legislation."

TeleTrusT Chairman Prof. Dr. Norbert Pohlmann: "By determining the state of the art, we will be able to adequately increase the level of IT security, strengthen our robustness against cyber attacks and thus significantly reduce the risk of ongoing digitalisation."

TeleTrusT Board Member Karsten U. Bartels: "The consideration of the state of the art is a technical, organisational and legal task for companies and authorities. The guidelines help very specifically at these three levels – both in the operative implementation and in the documentation."

English version: https://www.teletrust.de/…

German version: https://www.teletrust.de/…

About Bundesverband IT-Sicherheit e.V. (TeleTrusT)

TeleTrusT – IT Security Association Germany

The IT Security Association Germany (TeleTrusT) is a widespread competence network for IT security comprising members from industry, administration, consultancy and research as well as national and international partner organizations with similar objectives. With a broad range of members and partner organizations TeleTrusT embodies the largest competence network for IT security in Germany and Europe. TeleTrusT provides interdisciplinary fora for IT security experts and facilitates information exchange between vendors, users, researchers and authorities. TeleTrusT comments on technical, political and legal issues related to IT security and is organizer of events and conferences. TeleTrusT is a non-profit association, whose objective is to promote information security professionalism, raising awareness and best practices in all domains of information security. TeleTrusT is carrier of the "European Bridge CA" (EBCA; PKI network of trust), the IT expert certification schemes "TeleTrusT Information Security Professional" (T.I.S.P.) and "TeleTrusT Professional for Secure Software Engineering" (T.P.S.S.E.) and provides the trust seal "IT Security made in Germany". TeleTrusT is a member of the European Telecommunications Standards Institute (ETSI). The association is headquartered in Berlin, Germany.

Company contact and publisher of this release:

Bundesverband IT-Sicherheit e.V. (TeleTrusT)
Chausseestraße 17
10115 Berlin
Phone: +49 (30) 40054310
Fax: +49 (30) 40054311
https://www.teletrust.de

Contact person:
Dr. Holger Mühlbauer
Management
Phone: +49 (30) 40054306
Fax: +49 (30) 40054311
Email: holger.muehlbauer@teletrust.de