From 25 January to 3 February 2011 IABG held its third training seminar on the topic of “IT Security Management with ISO 27001 based on the Basic IT Protection Standards defined by the BSI”. The methods and contents of this ISO standard which applies to all economic sectors and authorities were especially tailored to participant requirements with regard to IT security issues in integrated control centres. Integrated control centres organize the combined activities of fire-brigades and emergency services.
The objective of the training seminar was to point out hazards, weak points, risks and measures to be taken regarding IT security in integrated control centres. This concerns both technical aspects as well as the organisation and infrastructure of control centres.
The ten-strong participant group consisted of security inspectors, system administrators and quality managers. The Bavarian Red Cross (BRK) in particular was strongly represented. Other participants came from the control centres of Bamberg and Ingolstadt which are operated by the joint associations for emergency services and fire-brigade alerts (ZRF).
Computer scientist Dipl.-Inf. Konrad Rosmus developed and held the seminar. He is an IT data protection auditor certified by the BSI for the ISO 27001 standard on basis of the BSI Basic IT Protection. Dipl.-Inf. Stefan Geretshuber supported the seminar conception and presented technical aspects of basic IT protection.
All pertinent IT security management aspects were presented in the course of the seminar and were examined in detail with regard to possible weak points, threats and risks to IT security.
Appropriate procedural instructions, measures to be taken for improving IT security and proposals on how to implement them are defined in detail in the basic IT protection catalogues of the BSI. The BSI tool “GSTOOL” was used for the practical part and was installed by the participants themselves following instructions. Exercises covered the administration of all sensitive infrastructure objects as well as the implementation management of measures when using this tool.
With its IT security training seminars IABG offers trainings specifically tailored to the needs and previous knowledge of the participants. The know-how obtained here serves as a basis for the conception and development of a comprehensive IT security management system tailored to the specific requirements of control centres.
Thanks to the highly practice-oriented approach with many exercises, the current training proved to be very diversified and instructive.
Participant feedback was thus unanimously positive. The IABG team received much praise and acknowledgment for the arduous, but always interesting training.
“This training course has sharpened my view for the manifold IT security threats and risks in control centres”, states Markus Ruckdeschel, who is responsible for hazard prevention planning and integrated control centres with the Bayreuth district association of the Bavarian Red Cross. “The findings gathered in this context provide valuable support for my daily work.”
1) Federal Office for Security in Information Technology
(Bundesamt für Sicherheit in der Informationstechnik - BSI)
