Security Management as a Service

Session: Security risk & compliance assessment, Tue., Sep. 15, 15:30 - 16:00 

The implementation and evaluation of an Information Security Management System (ISMS) requires a high degree of expertise. However, this is not to be made in many companies due to limited resources. The ever-growing complexity of IT systems and the resulting increasing demands on their IT security, exacerbate the problem in the future. As a consequence, vulnerabilities remain undetected strengthened. Another challenge is to adapt the selection of protection measures to the needs, skills and abilities of the user. Only if the measures are accepted and can be integrated into the daily work, the ISMS will work.

The aim of the project Security Management as a Service, founded by the German Federal Ministry of Education and Research is to develop new working practices and new technical concepts that make it possible to assess and establish IT security processes for small institutions from business and administration. These models and concepts should be easy to implement and allow a simple operation even without profound knowledge. Another objective is to supervise complex protection measures such as encryption of e-mails or the management of certificates in the future via a central, cloud-based service. The remaining, easier-to-manage protection measures are still the responsibility of the institution. the outsourced and local safety measures need to be coordinated. Only in this way a uniformly high level of protection can be achieved.

About Marian Margraf

Marian Margraf studied mathematics at the Christian-Albrechts-Universtität zu Kiel and received his doctorate in 2001. After his time as a postdoc at the Christian-Albrechts-Universtität zu Kiel, he worked as a cryptographer for the Federal Office for Information Security and subsequently as a desk officer at the Federal Ministry of the Interior. In 2013, he was appointed as professor for IT security and theoretical computer science in the computer science department at the University of Applied Sciences Darmstadt. Since 2014, he has been holding the Bundesdruckerei endowed professorship for identity management at the Freie Universität Berlin.