{"id":433,"date":"2025-03-11T09:34:00","date_gmt":"2025-03-11T08:34:00","guid":{"rendered":"https:\/\/eosgmbh.com\/?p=433"},"modified":"2025-03-11T15:47:46","modified_gmt":"2025-03-11T14:47:46","slug":"glossary-for-isms-bcms","status":"publish","type":"post","link":"https:\/\/eosgmbh.com\/en\/glossary-for-isms-bcms\/","title":{"rendered":"Glossary for ISMS &amp; BCMS"},"content":{"rendered":"<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column blogcontent is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:710px\">\n<p>Information security (IS) and business continuity (BC) are two essential management systems in today's networked world. To minimize risks, ensure business continuity and effectively manage emergencies and crises, institutions, companies or authorities need resilient IT, infrastructure and systems, but also aware employees. In this context, it is important to speak a common language and to draw on a common literature. This glossary gives you a compact overview of the most important terms in these areas that you should know!
<em>Reading time 7 minutes<\/em> |&nbsp;<em>compiled by: Ayhan Dagli<\/em><\/p>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\"
id=\"Informationssicherheits-managementsystem_ISMS\"><\/span>Information security management system (ISMS)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Angriff\"><\/span>Attack:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>An attack is a deliberate form of endangerment, namely an unwanted or unauthorized act with the aim of gaining an advantage or harming a third party. An attack can also be carried out on behalf of a third party who wants to gain an advantage.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Angriffsvektor\"><\/span>Attack vector:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>An attack vector is the combination of attack path and technique used by an attacker to gain access to IT systems.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Assets\"><\/span>Assets:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Assets are stocks of objects that are required for a specific purpose, particularly to achieve business objectives. The English term \"asset\" is often translated as \"value\". In German, however, value is a term with many meanings, from the social significance of something to the intrinsic quality of an object. 
In IT-Grundschutz, the term \"assets\" is used in the sense of \"valuable target objects\".<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Basis-Absicherung\"><\/span>Basic protection:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>A term from BSI IT baseline protection.<\/p>\n\n\n\n<p>The basic protection procedure checks compliance with the basic requirements of IT baseline protection. As an introduction to IT baseline protection, basic protection enables broad, fundamental initial protection across all of a company's business processes and specialist procedures.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Basis-Anforderung\"><\/span>Basic requirement:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>A term from BSI IT baseline protection. The basic requirements serve as a simplified introduction to information security management. This is the basic initial protection of business processes and resources.
In the basic protection procedure, only the fulfillment of the basic requirements is checked.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Bedrohung\"><\/span>Threat:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>A threat is generally a circumstance or event that can cause damage. Examples of threats are force majeure, human error, technical failure or intentional acts. If a threat encounters a weak point (in particular technical or organizational deficiencies), a hazard arises.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Gefahr\"><\/span>Danger:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Danger is often seen as an overarching term, whereas hazard is understood as a more precisely described danger (defined spatially and temporally in terms of type, size and direction). An example of a hazard is data loss. Data loss can be caused by a defective hard disk or by people stealing the hard disk. <em>Definition of the BBK:<\/em> Condition, circumstance or process that can cause damage to a protected good.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Gefahrdung\"><\/span>Hazard:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>A hazard is a threat that has a concrete effect on an object via a vulnerability.
A threat therefore only becomes a hazard to an object through an existing vulnerability. <em>Definition of the BBK:<\/em> The possibility that a hazard at a specific location will result in an event of a certain intensity that may cause damage to a protected asset.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Geltungsbereich\"><\/span>Scope of application:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>See information network.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Informationssicherheit_IS\"><\/span>Information Security (IS):<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>The aim of information security is to protect information. Information can be stored on paper, in IT systems or even in people's heads. The protection goals or basic values of information security are confidentiality, integrity and availability. Many users include other basic values in their considerations.
Information security is more than just IT security.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Informationssicherheitsbeauftragter_ISB\"><\/span>Information Security Officer (ISB):<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>A person with expertise in information security in a staff unit of an institution who is responsible for all aspects of information security. The role of the person responsible for information security is named differently depending on the type and orientation of the company, e.g. Chief Information Security Officer (CISO), Chief Security Officer (CSO), Information Security Officer (ISO), Information Security Manager (ISM) or IT Security Officer (IT-SiBe).<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Informationssicherheitsmanagement_IS-Management\"><\/span>Information security management (IS management):<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>The planning, management and control task required to establish and continuously implement a well thought-out and effective process for establishing information security is referred to as information security management.
This is a continuous process whose strategies and concepts must be constantly reviewed for their efficiency and effectiveness and updated as necessary.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Informationssicherheitsmanagementsystems_ISMS\"><\/span>Information security management system (ISMS):<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>An ISMS includes the definition of procedures and rules within an organization that serve to permanently define, control, monitor, maintain and continuously improve information security.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Informationssicherheitsmanagement-Team_IS-Management-Team\"><\/span>Information Security Management Team (IS Management Team):<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>The IS management team is a unit that it makes sense to set up in large organizations and institutions.
The team supports the CISO by coordinating overarching measures in the overall organization, compiling information and carrying out control tasks.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Informationsverbund\"><\/span>Information network:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Scope of a security concept that has a reasonable minimum size within an institution and is clearly distinguishable from other information networks. An information network comprises the entirety of infrastructural, organizational, personnel and technical components that serve to perform tasks in a specific area of information processing.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Kern-Absicherung\"><\/span>Core protection:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>A term from the BSI IT baseline protection. 
Core protection initially focuses on the business processes and assets (crown jewels) that are particularly at risk.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"IT-Sicherheit\"><\/span>IT security:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>IT security describes the protection of the IT infrastructure, for example servers, networks, end devices, operating systems and applications.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"bereinigter_Netzplan\"><\/span>(Cleansed) network diagram:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>A term from BSI IT baseline protection.<\/p>\n\n\n\n<p>A network diagram is a graphical overview of the components of a network and their connections. A cleansed network diagram can be used to quickly show third parties the business process and IT structures within the institution, because its level of detail is reduced to what is necessary. A cleansed network diagram is also a useful basis for certification.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Leitlinie_zur_Informationssicherheit\"><\/span>Guideline on information security:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>The guideline is a central document for the information security of an organization.
It describes for which purposes, with which means and with which structures information security is to be established within the organization. It contains the information security objectives pursued by the organization as well as the security strategy pursued. The security guideline thus also describes the desired level of security in an authority or company via the security objectives.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Ransomware\"><\/span>Ransomware:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Ransomware refers to malware that restricts or prevents access to data and systems and only releases these resources again against payment of a ransom. This is an attack on the security objective of availability and a form of digital blackmail.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Resilienz\"><\/span>Resilience:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>In this context, the term refers to the resilience of IT systems against security incidents or attacks. 
The resilience of systems results from a complex interplay of organizational and technical preventive measures such as specialist personnel, IT security budget, available technical infrastructures or similar.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Risiko\"><\/span>Risk:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Risk is often defined as the combination (i.e. the product) of the frequency with which a loss occurs and the extent of this loss. The loss is often presented as the difference between a planned and unplanned result. Risk is a special form of uncertainty or rather imponderability.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Risikomanagement\"><\/span>Risk management:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Risk management refers to all activities relating to the strategic and operational handling of risks, i.e. all activities to identify, manage and control risks for an institution. 
Risk management includes<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Identification of risks,<\/li>\n\n\n\n<li>Assessment and evaluation of risks,<\/li>\n\n\n\n<li>Treatment of risks,<\/li>\n\n\n\n<li>Monitoring of risks and<\/li>\n\n\n\n<li>Risk communication.<\/li>\n<\/ul>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Schwachstelle\"><\/span>Vulnerability:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>A vulnerability or security gap is usually an error or weakness, e.g. in an application or system, which can be misused for unwanted or malicious actions.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Schutzbedarf\"><\/span>Protection requirements:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>The protection requirement describes what protection is sufficient and appropriate for the business processes, the information processed and the information technology used.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Schutzziele\"><\/span>Protection goals:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<div style=\"height:25px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<h5 class=\"wp-block-heading\"><span 
class=\"ez-toc-section\" id=\"Vertraulichkeit\"><\/span>Confidentiality<span class=\"ez-toc-section-end\"><\/span><\/h5>\n\n\n\n<p>Confidentiality is the protection against unauthorized disclosure of information. Confidential data and information may only be accessible to authorized persons in the permitted manner.<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<h5 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Integritat\"><\/span>Integrity<span class=\"ez-toc-section-end\"><\/span><\/h5>\n\n\n\n<p>Integrity refers to ensuring the correctness (intactness) of data and the correct functioning of systems. When the term integrity is applied to \"data\", it means that the data is complete and unchanged. In information technology, however, it is usually defined more broadly and applied to \"information\". The term \"information\" is used for \"data\" which, depending on the context, can be assigned certain attributes such as authorship or time of creation. 
The loss of integrity of information can therefore mean that it has been altered without authorization, details of the author have been falsified or the time of creation has been manipulated.<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<h5 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Verfugbarkeit\"><\/span>Availability<span class=\"ez-toc-section-end\"><\/span><\/h5>\n\n\n\n<p>The availability of services, functions of an IT system, IT applications or IT networks or even information is ensured if these can always be used by users as intended.<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<h5 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Authentizitat\"><\/span>Authenticity<span class=\"ez-toc-section-end\"><\/span><\/h5>\n\n\n\n<p>Authenticity refers to both proof of identity and the authenticity of the data itself. It describes the ability of an entity (e.g. a person, a system or a message) to be identified as genuine and trustworthy. 
This protection objective is generally regarded as a component of integrity.<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Sicherheitsmasnahme\"><\/span>Security measure:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>A security measure (measure for short) refers to all actions that serve to control and counteract security risks. This includes organizational as well as personnel, technical or infrastructural security measures. Security measures serve to fulfill security requirements.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Social_Engineering\"><\/span>Social engineering:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>In cyber attacks using social engineering, criminals try to trick their victims into disclosing data on their own, bypassing protective measures or installing malware on their systems themselves. 
In both cybercrime and espionage, attackers use clever methods to exploit supposed human weaknesses such as curiosity or fear in order to gain access to sensitive data and information.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Standard-Absicherung\"><\/span>Standard protection:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>A term from the BSI IT baseline protection. Standard protection essentially corresponds to the classic IT baseline protection approach of BSI Standard 100-2. With standard protection, the ISB can protect the assets and processes of an institution both comprehensively and in depth.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"TOM\"><\/span>TOM:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Technical and organizational measures (TOM) are measures taken by organizations to ensure the security and protection of personal data in accordance with the GDPR.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Zertifizierung\"><\/span>Certification:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Certification is a method by which qualified independent bodies verify that security objectives have been achieved and security measures have been implemented.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding 
is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Zielobjekt\"><\/span>Target object:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>A term from the BSI IT-Grundschutz. Target objects are parts of the information network to which one or more modules from the IT-Grundschutz compendium can be assigned during modeling. Target objects can be physical objects, e.g. IT systems. However, target objects are often logical objects, such as organizational units, applications or the entire information network.<\/p>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Business_Continuity_Management_System_BCMS\"><\/span>Business Continuity Management System (BCMS)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Allgemeine_Aufbauorganisation_AAO\"><\/span>General organizational structure (AAO):<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Permanent form of organization in which the daily tasks of an institution are structured according to the following criteria:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Hierarchical structure<\/li>\n\n\n\n<li>Responsibilities<\/li>\n\n\n\n<li>Communication and decision-making channels<\/li>\n<\/ul>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" 
aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Audit_und_Revision\"><\/span>Audit and revision:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>The terms <em>\"Audit\"<\/em> and <em>\"Revision\"<\/em> are understood differently. The BSI standard 200-4 uses these terms as follows:<\/p>\n\n\n\n<p>An <em>Audit<\/em> tests against a standard for the purpose of certification and is therefore usually carried out by external parties.<\/p>\n\n\n\n<p>A <em>Revision<\/em> also deals with a specific area with a defined procedure. However, the aim of a revision is not certification, but the identification of weaknesses, deficiencies and recommendations for action. Revisions are categorized as follows:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An external revision is carried out by external parties.<\/li>\n\n\n\n<li>An internal revision is carried out by the institution's own employees.<\/li>\n<\/ul>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Business_Continuity_Management_System_BCMS-2\"><\/span>Business Continuity Management System (BCMS):<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Structures, rules and organization within an institution in order to achieve an orderly continuation of business after loss events in the institution.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"BC-Konzept_Notfallkonzept\"><\/span>BC concept \/ emergency concept:<span 
class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>It includes an emergency preparedness concept and an emergency manual.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Besondere_Aufbauorganisation_BAO\"><\/span>Special organizational structure (BAO):<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Temporary form of organization for extensive and complex tasks, especially for measures for special occasions that cannot be handled within the framework of the AAO. In this form of organization, temporary responsibilities, hierarchies and communication and decision-making channels apply that deviate from normal operations.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Business_Impact_Analyse_BIA\"><\/span>Business Impact Analysis (BIA):<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Structured investigation with the aim of identifying (time) critical business processes and resources (assets). To this end, the direct and indirect potential consequential losses for the institution caused by the failure of business processes are determined. 
The requirements for restarting business processes are derived from this.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Geschaftsfortfuhrungsplan_GFP\"><\/span>Business continuation plan (GFP):<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Plan that documents how an institution reacts at the process level to a business interruption following a resource failure. The GFP is based on the process level.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Kenngrosen\"><\/span>Parameters:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<div style=\"height:25px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<h5 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"MTPD_Maximum_Tolerable_Period_of_Disruption_MAO_Maximum_Acceptable_Outage_MTA_Maximal_tolerierbare_Ausfallzeit\"><\/span>MTPD (Maximum Tolerable Period of Disruption) \/ MAO (Maximum Acceptable Outage) \/ MTA (Maximum Tolerable Downtime)<span class=\"ez-toc-section-end\"><\/span><\/h5>\n\n\n\n<p>Maximum time limit up to which a business process may fail before intolerable effects occur for an institution. 
The upper limit is determined on the basis of a damage assessment of the business process in question.<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<h5 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"RPA_Recovery_Point_Actual_tatsachlicher_zu_erwartender_Datenverlust\"><\/span>RPA (Recovery Point Actual \/ actual expected data loss)<span class=\"ez-toc-section-end\"><\/span><\/h5>\n\n\n\n<p>Actual, expected data loss in the event of a loss event. The RPA is usually specified as the actual data backup cycle per application, IT system or business process.<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<h5 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"RPO_Recovery_Point_Objective_MDL_Maximum_Data_Loss_Maximal_tolerierbarer_Datenverlust\"><\/span>RPO (Recovery Point Objective) \/ MDL (Maximum Data Loss) \/ Maximum Tolerable Data Loss<span class=\"ez-toc-section-end\"><\/span><\/h5>\n\n\n\n<p>Value for the maximum age that available data may have in order to be able to operate time-critical business processes after an interruption.<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<h5 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"RTA_Recovery_Time_Actual_Tatsachliche_Wiederanlaufzeit_WAZ\"><\/span>RTA (Recovery Time Actual \/ Actual Restart Time (WAZ))<span class=\"ez-toc-section-end\"><\/span><\/h5>\n\n\n\n<p>The actual restart time (actual RTA) describes the time from when the emergency is declared to when the 
emergency solution is actually put into operation, e.g. by switching to an alternative or replacement resource. The RTA can be determined and verified during exercises and tests.<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<h5 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"RTO_Recovery_Time_Objective_Geforderte_Wiederanlaufzeit_WAZ\"><\/span>RTO (Recovery Time Objective \/ Required Restart Time (WAZ))<span class=\"ez-toc-section-end\"><\/span><\/h5>\n\n\n\n<p>The required restart time (required WAZ) describes the period from the time the emergency is declared until the time the emergency solution is put into operation as required, e.g. by switching to an alternative or replacement resource. RTO \/ WAZ should be less than MTPD \/ MTA.<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Krise\"><\/span>Crisis:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>A crisis is defined as a damaging event that has a massive negative impact on the institution and whose effects on the institution cannot be overcome during normal operations.<\/p>\n\n\n\n<p>In contrast to an emergency, however, there are no specific emergency plans for dealing with a crisis: existing emergency plans cannot be adapted, can only be adapted to a limited extent, or are simply not effective. Within the institution, the crisis is managed by measures initiated by the BAO. 
Crises can occur immediately or escalate from a disruption or emergency.<\/p>\n\n\n\n<p><em>Definition of the BBK:<\/em> A situation deviating from the normal state with the potential for or with already occurred damage to protected goods, which can no longer be managed with the normal organizational structure and process organization, so that a special organizational structure (BAO) is required.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Leitlinie_zum_BCMS\"><\/span>Guideline on BCMS:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>The BCMS guideline defines objectives and general requirements for the BCMS at the strategic level. This guideline thus provides the binding framework and mandate for all further BCMS activities and documentation. 
It describes why and under what conditions the BCMS is set up and operated, as well as the general objectives for the BCM.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Notbetrieb\"><\/span>Emergency operation:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Business operations that take place after a loss event, possibly with restrictions, which ensure the necessary and time-critical functions of the affected business processes.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Notbetriebsniveau\"><\/span>Emergency operating level:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>The minimum business continuity objective (MBCO) defines how efficient the emergency operation should be in order to ensure meaningful business operations. 
The performance of the emergency operation can be specified as a percentage, for example, or alternatively activities can be prioritized.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Notfall\"><\/span>Emergency:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Emergencies are interruptions to business operations that affect at least one time-critical business process that cannot be restored during normal operation within the maximum tolerable downtime.<\/p>\n\n\n\n<p>In contrast to disruptions, a special organizational structure (BAO) is required to deal with emergencies. In contrast to a crisis, suitable plans are available for dealing with emergencies or existing plans can be adapted. Emergencies can also occur before the damaging event leads to an interruption of business operations. 
It is sufficient that there is a risk that business operations could be interrupted by the damaging event.<\/p>\n\n\n\n<p><em>Definition of the BBK:<\/em> A situation with the potential for or already occurring damage to protected assets that may require state-organized assistance in addition to self-help measures by individuals.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Notfallbewaltigung\"><\/span>Emergency response:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>All internal activities within the institution that serve, after the occurrence of an emergency,<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>to go into emergency mode,<\/li>\n\n\n\n<li>to maintain emergency operations and<\/li>\n\n\n\n<li>to return to normal operation.<\/li>\n<\/ul>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Notfallhandbuch\"><\/span>Emergency manual:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Document containing all the information required for emergency management. 
The document includes, for example, all emergency plans, the staff's rules of procedure and the communication concept.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Notfallmasnahmen\"><\/span>Emergency measures:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>All measures that are developed preventively and implemented when an emergency occurs in order to limit the damage and continue business processes. <\/p>\n\n\n\n<p>This includes all measures for restarting and continuing business as well as all immediate measures.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Notfallvorsorge\"><\/span>Emergency preparedness:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>All preventive measures and procedures carried out before the occurrence of a loss event.<\/p>\n\n\n\n<p><em>Definition of the BBK:<\/em> Sum of all measures aimed at the time after the occurrence of an emergency, but which are taken beforehand. 
Emergency preparedness as a generic term also includes emergency planning and other measures to be taken in the run-up to an emergency.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Notfallvorsorgekonzept\"><\/span>Emergency preparedness concept:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>The emergency preparedness concept contains a description of all organizational and conceptual aspects of the BCMS as well as regulations and specifications for individual BCM process steps.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"NuK_Notfall-_und_Krisenkommunikation\"><\/span>NuK (emergency and crisis communication):<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Activities that are carried out before or during a crisis or emergency and, if necessary, after it has been dealt with, in order to collect and verify relevant information and distribute it to internal and external target groups.<\/p>\n\n\n\n<p>For emergency and crisis communication, appropriate concepts for dealing with the various interest groups, e.g. employees and the media, are developed in advance. 
If necessary, these concepts are adapted and continuously revised as part of the management process.<\/p>\n\n\n\n<p><em>Definition of the BBK:<\/em> Crisis communication: Exchange of information and opinions during a crisis to prevent or limit damage to a protected asset.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Organisationseinheit_OE\"><\/span>Organizational unit (OU):<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Logical unit of an institution, e.g. a location, a department or a specialist area.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Ressource\"><\/span>Resource:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>All physical and digital assets that are required to carry out business processes. 
Assets in the business sense are, for example, personnel, IT systems, buildings, service companies, machines or operating resources.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Schaden\"><\/span>Damage:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Damage is any material or immaterial disadvantage suffered by a person or thing as a result of an event.<\/p>\n\n\n\n<p><em>Definition of the BBK:<\/em> Negatively assessed impact of an event on a protected resource.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Schadensereignis\"><\/span>Damage event:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Incident that leads to a deviation from an expected result.<\/p>\n\n\n\n<p><em>Definition of the BBK:<\/em> Coincidence of danger and protected good with the occurrence of damage.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Schutzgut\"><\/span>Protected good:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p><em>Definition of the BBK: <\/em>Anything that is to be protected from damage due to its non-material or material value.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" 
class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Storung\"><\/span>Malfunction:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>A disruption is a situation in which processes or resources are not available as intended. Disruptions are usually rectified within normal operations by the institution's general organizational structure (GOS).<\/p>\n\n\n\n<p>Existing processes for troubleshooting or incident management are used for this purpose. However, disruptions can escalate into an emergency.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Wiederanlaufplan_WAP\"><\/span>Restart plan (WAP):<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Documentation that describes how an institution can compensate for lost resources, e.g. by implementing emergency solutions or substitute solutions. The aim of compensation is to ensure emergency operations that guarantee business continuity. WAP is based on the resource level.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Wiederherstellungsplan_WHP\"><\/span>Recovery Plan (WHP):<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Documentation that describes how failed resources can be restored to normal operation. 
WHP is based on the resource level.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:55px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Zeitkritisch\"><\/span>Time-critical:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Classification for all business processes or resources whose failure within a specified period of time could lead to unacceptable damage for an institution, possibly threatening its existence.<\/p>\n\n\n\n<p>The classification of resources is derived from the classification of the business processes that require the respective resources.<\/p>\n<\/div>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Quellen\"><\/span>Sources<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>The following sources were used in the preparation of this article:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>BSI Standard 200-2 IT-Grundschutz methodology<\/li>\n\n\n\n<li>BSI: The Situation Report IT Security in Germany 2024<\/li>\n\n\n\n<li>BSI IT baseline protection compendium<\/li>\n\n\n\n<li>BSI Standard 200-4 Business Continuity Management (BCM)<\/li>\n\n\n\n<li>Glossary for BSI Standard 200-4<\/li>\n\n\n\n<li>Glossary of the Federal Office of Civil Protection and Disaster Assistance 
(BBK)<\/li>\n\n\n\n<li>https:\/\/wiki.isms-ratgeber.info\/wiki\/Abk%C3%BCrzungen<\/li>\n\n\n\n<li>https:\/\/www.pd-g.de\/assets\/Aktuell-im-Fokus\/Informationssicherheit\/240904_Informationssicherheit_Glossar.pdf<\/li>\n<\/ul>\n<\/div>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Information security (IS) and business continuity (BC) are two essential management systems in today's networked world. In order to minimize risks, ensure business continuity and effectively manage emergencies and crises, institutions, companies or authorities need resilient IT, infrastructure, systems, but also aware employees. In this context, it is important to speak a common language [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":434,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-433","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-eos-gmbh"],"acf":[],"_links":{"self":[{"href":"https:\/\/eosgmbh.com\/en\/wp-json\/wp\/v2\/posts\/433","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/eosgmbh.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/eosgmbh.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/eosgmbh.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/eosgmbh.com\/en\/wp-json\/wp\/v2\/comments?post=433"}],"version-history":[{"count":11,"href":"https:\/\/eosgmbh.com\/en\/wp-json\/wp\/v2\/posts\/433\/revisions"}],"predecessor-version":[{"id":763,"href":"https:\/\/eosgmbh.com\/en\/wp-json\/wp\/v2\/posts\/433\/revisions\/763"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/eosgmbh.com\/e
n\/wp-json\/wp\/v2\/media\/434"}],"wp:attachment":[{"href":"https:\/\/eosgmbh.com\/en\/wp-json\/wp\/v2\/media?parent=433"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/eosgmbh.com\/en\/wp-json\/wp\/v2\/categories?post=433"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/eosgmbh.com\/en\/wp-json\/wp\/v2\/tags?post=433"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}