security objective "authenticity" #287

Open
KonzeptAcht opened this issue May 8, 2020 · 4 comments

@KonzeptAcht

Describe the solution you'd like
ISO 27001 and ISO 27005 generally assume the three protection objectives "confidentiality", "integrity" and "availability" in their risk analyses.

However, the "IT Security Act" applicable in Germany requires the additional protection objective of "authenticity" for the operators of critical infrastructures.

We would be pleased if "authenticity" (in German: Authentizität) were included as a fourth protection objective in the MONARC methodology.

@KonzeptAcht
Author

Is there already a decision here? In the meantime, the security objective of authenticity is also required in the banking sector (BAFIN, MARISK, ...).

@cedricbonhomme
Member

An important development that we are about to start is the configuration of the impact scales. The first step for the operational risks. So we could consider this later (modifiable impact, if this is what you mean?) but I cannot provide a precise time estimate.

@KonzeptAcht
Author

The German financial regulatory authorities and the BSI require in their standards BAFIN, MARISK, IT-Grundschutz and in §8a of the BSI Act that authenticity is also taken into account. This makes it necessary to supplement CIA with CIAA.

[Image: MONARC_authenticity]

@ruslanbaidan
Contributor

Related:
#196
