SiKoSH


SiKoSH (security for municipalities in Schleswig-Holstein) has been a project of the ITVSH (IT-Verbund Schleswig-Holstein) since 2019 (formerly: KomFIT, the municipal forum for information technology of the municipal state associations in Schleswig-Holstein). SiKoSH is a simple and action-oriented introduction to the basic protection methodology with a municipal focus. The basic protection profile of the BSI forms the basis for the measures to be implemented according to SiKoSH. In cooperation with local practitioners from Schleswig-Holstein and partners from other federal states, the project develops numerous aids for building a sustainable information security management system (ISMS) for local administrations and small and medium-sized companies. The project is supported by the Independent State Center for Data Protection, the Schleswig-Holstein State Audit Office, Dataport and external consultants.

SiKoSH procedure

The SiKoSH procedure is described in the SiKoSH standard "Procedure for setting up a municipal ISMS". In the SiKoSH process model, logically related security sub-processes are grouped into individual phases.

Every SiKoSH phase begins with a so-called quick check. The 14 quick checks provide a quick overview of the security situation of the organization based on numerous test questions and an evaluation matrix.


For each phase there is a series of documents, such as guidelines, concepts or document templates, that can be adapted for your own organization. For "Phase 1 (structure and process organization ISMS)" these are above all an adaptable information security guideline and material for appointing an information security officer and regulating that officer's tasks.

Once "Phase 1" is finished, the obligatory organizational tasks have been implemented and work on a further phase can begin. SiKoSH recommends starting with employee awareness.

In addition to quick checks that deal with IT security in the narrower sense, for example with hardware or with processes, related aspects such as building security are also examined and evaluated.

After the thirteen quick checks have been processed and the necessary measures have been implemented, "Quickcheck 14" provides test questions that make the success of the SiKoSH measures transparent and evaluate them.

After the measures of the security concept have been documented with the templates provided, the iteration process in the security cycle begins again and enables improvements, adjustments and a targeted reaction to new threats to information security and data protection.

SiKoSH in comparison

SiKoSH is one of the currently used reference standards for the conception and introduction of an ISMS (information security management system). SiKoSH does not see itself as competition to standards like

SiKoSH is a simple and action-oriented introduction to the basic protection method. The unique selling points of SiKoSH in comparison to the other approaches are above all the checklists, examples for the elimination of security problems in the organization and customizable document templates. SiKoSH is particularly suitable for security practitioners in smaller public institutions and small and medium-sized companies who want to achieve a satisfactory level of information security with reasonable effort. The standard data protection model of the ULD (Independent State Center for Data Protection Schleswig-Holstein) can be seen as a complement to SiKoSH.
