What is Bundesamtes für Sicherheit in der Informationstechnik (BSI)?


Have you ever confused your acronyms?  Perhaps you have laughed when someone has had to explain some of the acronyms used in text messages.  Business, and especially technology acronyms are almost as plentiful as text acronyms.  There are few things as embarrassing as being in a business meeting, and mistaking one acronym for another.  This happened recently in a meeting where the acronym “BSI” was not defined in full immediately, and it was especially confusing because the acronyms for both organizations serve similar functions.

For years, many have associated the acronym BSI with the British Standards Institution.  Headquartered in London, the British Standards Institution functions as the world’s largest certification body.  It was the pioneer of standards for management systems, and it publishes standards that impact virtually every aspect of modern society.   This is an important organization, to which many businesses look for guidance across a vast catalog of disciplines.  It is similar to the National Institute of Standards and Technology (NIST), offering information about topics that extend beyond information security.

What is the Bundesamtes für Sicherheit in der Informationstechnik (BSI)?

However, BSI is not only a British organization. Germany has an organization that also shares the BSI acronym.  Bundesamtes für Sicherheit in der Informationstechnik (BSI) is The Federal Office for Information Security in Germany, and unlike the broader functions of the British Standards Institution, the German BSI has its focus specifically in the world of information security.  It can be loosely compared to the Center for Internet Security, famous for the CIS Controls.

The BSI was founded in 2009 by an act of the government of Germany in an effort to better protect all aspects of information technology.  The BSI serves multiple functions in the cybersecurity arena.  Not only does it serve as an informational source for risks and threats, but it also carries out security testing and assessments of IT systems.  Its audience includes manufacturers, distributors, and users of information technology.  To further its mission, BSI also analyzes IT developments and trends.

The BSI serves as a certifying body for many aspects of business in Germany, including cloud computing, critical infrastructure, cryptography, crisis management, and other minimum standards. It also is available to all consumers.  The primary function of a BSI certificate is to assure the security of an IT product by providing transparency of a products capabilities, trustworthiness to recognized standards of security, honest usability information, and suitability for use.   It accomplishes this by engaging with three certifying criteria: IT security (ITS), Information Technology Security Evaluation Criteria (ITSEC), and the Common Criteria.  Each of these are globally recognized across multiple industries.

The BSI seeks to create confidence in technology.  This is further evidenced by the depth of research undertaken by the organization.  The hierarchy of BSI is spread across eight separate divisions that are subdivided into branches of specific focus.  For example, the “Technical Centers of Excellence” division is comprised of sections that include IT Systems, IT Infrastructure, Chip security, and Technology and Research Strategy.  Following across the hierarchical structure, the “Cyber Security for Digitization and Electronic Identities” division is subdivided into separate branches and sections that address each of these broad concepts.  There are more than one hundred sections, each dedicated to a specific aspect of information security.  The thoroughness of the organizational structure lends itself to rigorous examination of each topic.

BSI has a very general statement about the necessity for security:

“The threat to our society in terms of the havoc that computer failure, misuse or sabotage could cause is greater than ever before.”

Of course, this is not a statement manufactured for passive consumption.  In order to protect systems from criminal exploitation, organizations need to take action.  Configuration management, continuous monitoring, and vulnerability management are all required as part of any good cybersecurity program.

Germany has always been a leader in privacy and security. As the vision of the BSI continues to expand, more organizations will turn an eye towards achieving certification to prove cybersecurity readiness.

In time, the German BSI will be as easily recognized as many of the other standardization institutions.

Tripwire’s global reach is not reliant on any particular geography.  What’s best is that Tripwire doesn’t just check the compliance box, it helps you truly achieve security.  Tripwire’s full line of cybersecurity products can help your organization to meet the goals needed to achieve BSI certification standards.  Whether it is log management, system configuration, or rapid awareness of vulnerabilities that may be lurking in your systems, Tripwire can help.



Source link