security objective "authenticity"

Open K8Sudo opened this issue 5 years ago • 6 comments

Describe the solution you'd like

ISO 27001 and ISO 27005 generally assume the three protection objectives "confidentiality", "integrity" and "availability" in their risk analyses.

However, the "IT Security Act" applicable in Germany requires the additional protection objective of "authenticity" for the operators of critical infrastructures.

We would be pleased if "authenticity" (in German: Authentizität) were included as a fourth protection objective in the MONARC methodology.

K8Sudo, May 08 '20 09:05

Is there already a decision here? In the meantime, the security objective of authenticity is also required in the banking sector (BAFIN, MARISK, ...).

K8Sudo, Apr 12 '21 09:04

An important development that we are about to start is the configuration of the impact scales. The first step for the operational risks. So we could consider this later (modifiable impact, if this is what you mean?) but I cannot provide a precise time estimate.

cedricbonhomme, Apr 15 '21 13:04

The German financial regulatory authorities and the BSI require in their standards BAFIN, MARISK, IT-Grundschutz and in §8a of the BSI Act that authenticity is also taken into account. This makes it necessary to supplement CIA with CIAA.

K8Sudo, Apr 15 '21 13:04

Related: https://github.com/monarc-project/MonarcAppFO/issues/196

ruslanbaidan, Jul 28 '23 13:07