Open KonzeptAcht opened 4 years ago
Is there already a decision here? In the meantime, the security objective of authenticity is also required in the banking sector (BAFIN, MARISK, ...).
An important development that we are about to start is the configuration of the impact scales. The first step for the operational risks. So we could consider this later (modifiable impact, if this is what you mean?) but I cannot provide a precise time estimate.
The German financial regulatory authorities and the BSI require in their standards BAFIN, MARISK, IT-Grundschutz and in §8a of the BSI Act that authenticity is also taken into account. This makes it necessary to supplement CIA with CIAA.
Describe the solution you'd like

ISO 27001 and ISO 27005 generally assume the three protection objectives "confidentiality", "integrity" and "availability" in their risk analyses.
However, the "IT Security Act" applicable in Germany requires the additional protection objective of "authenticity" for the operators of critical infrastructures.
We would be pleased if "authenticity" (in German: Authentizität) were included as a fourth protection objective in the MONARC methodology.