Author Archives: admin

[QUICK CHECK] Cyber-Security – A Solution for Small and Medium Sized Companies

A huge number of small and medium-sized enterprises are highly successful in their sector. One major condition for success is the delivery of excellent products and services. A second necessity for an effective market presence, especially nowadays, is a high-grade and dependable IT infrastructure. This second mainstay of every company is threatened by specialised criminals who target data or know-how, or who simply aim to disrupt company operations and cause harm as an end in itself.

To fight this threat, large companies often rely on international standards such as ISO 27000. However, this is not feasible for many smaller market participants. The goal is to achieve the best effect with an affordable method. The so-called IT Quick Check, developed by VdS Schadenverhütung (a German provider of security tests and certifications), offers a solution customised for SMEs.

The Quick Check is an internet tool that everyone is invited to use totally free of charge. The interested company or person is asked to answer 39 questions related to the company’s internet environment and security. The results of the questionnaire are presented in a PDF that the user may download. Every question is rated – is the given solution already good, acceptable or should it be enhanced – and supplemented with useful hints and explanations. Of course, the data used for the Check is treated as strictly confidential.

The Fire Sector Summit 2017

Join FPA at the leading industry conference for key decision makers and influencers in the fire sector on 10-11 October at Aviva Headquarters, London. This year’s event will feature three streams of workshops: Heritage, FRS Interest and Social Housing.

First International VdS Fire Safety and Security Forum in China

On September 6th, 2017, the first “International VdS Fire Safety and Security Forum” took place in China. The forum was held alongside the “China Fire Expo” in Beijing and focused primarily on topics related to fire safety and security, addressing first and foremost decision-makers and disseminators from industry, politics, administration and science.

In his opening address VdS CEO Thomas Urban emphasised the extremely positive development that VdS has seen and taken note of in the Chinese market over the last 10 years. Thus VdS is now widely accepted by many representatives of the Chinese administration and is even required as a safety and security standard in some public tenders. The “International VdS Fire Safety and Security Forum” also provided an excellent platform for informing interested enterprises about the opportunities to enter the Chinese market and to promote dialogue with Chinese policy-makers and business leaders.

More information: www.vds-forum-china.de

The picture shows Lothar Sysk, VdS Chief Representative in China, with the chief magistrate of the province Hubei.

Cooperation: CFPA Europe & CTIF

At its annual meeting in July, CTIF (International association of fire and rescue service) decided to start endorsing CFPA E’s Guidelines. Its “Commission Europe”, chaired by Seamus Murphy, will have an important role in reading and reviewing the Guidelines, and at the July meeting they decided the procedure for endorsement.
Insurance Europe had already started endorsing CFPA E’s Guidelines in April this year.

The Exhibition for Risk Prevention and Management

Expoprotection is the only event in France that brings together top international specialists and the most innovative equipment and solutions, combining conferences and meeting areas. Protecting employees, premises, data and the working environment of companies, local authorities and administrations: these are the objectives that bring suppliers and contractors together every two years at the Expoprotection show in Paris.

Expoprotection covers the two complementary universes dedicated to Risk Prevention and Management:

– The Occupational, natural & industrial risks area
– The Security and Firefighting area

Meet us in Paris on November 7th to 9th for 3 days of networking, conferences and innovations.

https://www.expoprotection.com/GB.htm

First International VdS Fire Safety and Security Forum in China

On Wednesday, 6 September 2017, parallel to the China Fire Expo in Beijing, the premiere of the “International VdS Fire Safety and Security Forum in China” is taking place. This event from VdS offers professionals from industry, public authorities, and science a variety of information, impulses and opportunities for exchange on the topic of fire protection and security.
The event aims to introduce you to current developments and the latest insights on the topic of safety and security through interesting technical reports and concrete application case studies. At the same time, we will show you how, with VdS, you can increase your chances of entering the market, minimize risks, and save costs. Expand your network and talk to representatives of the Chinese and German governments. The event ends with the celebration of the 10th anniversary of the VdS representative office in Asia.
More information: www.vds-forum-china.de

The picture shows Lothar Sysk, VdS Chief Representative in China, with the chief magistrate of the province Hubei.

Middle East Fire, Security & Safety Exhibition and Conference

MEFSEC (Middle East Fire, Security & Safety Exhibition and Conference) is a leading Fire, Safety and Security show scheduled for 3rd-5th December 2017 at Cairo International Convention Centre (CICC) in Egypt. We aim to serve as a powerful business platform for innovations and the latest trends in the fire, safety and security sector. With rising concerns and attention on security measures across the region, MEFSEC’s renewed strategic focus will change the dynamics of the fire and security business.

50th Anniversary ANPI – 22 May 2017

50th anniversary of the Fire at the Innovation

Commemoration in collaboration with Inno.
After the pain, hope is born, and with it the courage to work for better protection against the dangers.

The awareness of politicians and rescue services in our country has helped to develop standards for fire prevention and to promote the coordination of the emergency services.


TRIBUTE COMMUNICATED BY THE KING & QUEEN OF BELGIUM

To the families of victims, survivors, firefighters and the honorable assembly, on the occasion of the 50th anniversary of the Fire of Innovation, we express our profound sympathy to the families of the victims and the survivors of this tragedy:

It is above all to you that our thoughts directly go this day.
We also wish to pay tribute to the firefighters who, through their courage, have prevented even heavier human losses.
We salute the participants of the seminar of this afternoon and all the efforts made to improve the fire safety in our country.

The King – The Queen

Half a century of prevention for ANPI!
ANPI, which was set up in the aftermath of this tragedy, is today, 50 years later, the reference for fire prevention in Belgium. ANPI brings together the actors of fire prevention (SPF, fire departments, representatives of industries, insurers, consulting firms, specialists in prevention).
To remember the victims of the fire and celebrate the anniversary of the fire prevention initiative, ANPI brought together nearly 200 people at a commemorative ceremony and conferences on “22 May 1967, the fire of Innovation, still lessons to be learnt to guide the evolution of rules and technologies”. The subject was developed by, among others, Cécile Jodogne, State Secretary of the Brussels-Capital Region, main representatives of sectoral federations, the Brussels fire brigade, etc.

Information Security: It depends on the right measure

Customers, partners, legislators and lawmakers are increasingly forcing companies to ensure IT-Security protection. While the international IT-Security standard ISO 27001 has been consistently implemented in several large companies, the complex catalogue of measures poses significant challenges for SMEs (small/medium-sized companies). But what options do SMEs have in the organisation of IT-Security? The most important principles are summarised in the CFPA “Protection of Business Intelligence” guide, which raises important aspects of Cyber-Security. VdS Guidelines 3473 go even further – developed specifically for small and medium-sized enterprises, they implement the fundamental requirements of the ISO standard at only 20% of the costs.

Nearly 60% of organisations in Germany have been victims of a cyber attack over the past two years. This was announced by “The Alliance for Cyber Security”. According to the auditing firm KPMG, the number of victims of e-crime has doubled since 2013. In companies, this risk is well known: 89% of those responsible see a high or very high risk for German companies to suffer from a cyber attack. However, few people fear being hit themselves. They therefore use only inadequate security measures and react only when it is too late. A dedicated position exclusively concerned with IT security tasks is very rare – 85% of companies with fewer than 1,000 employees have none. The consequences of an attack are devastating and range from business or production losses to financial losses or image damage.

Challenge IT-Security
Whether from entrepreneurial self-interest or due to the demands of customers, contractors, legislators and lawmakers, SMEs are increasingly forced to ensure IT-Security. Against this background, a number of well-known institutions and bodies now involve themselves with the subject of Cyber-Security. One example is CFPA Europe, which has developed a comprehensive guide, the “Protection of Business Intelligence”, in which the essential parameters for the implementation of information security in companies are presented. CFPA Europe is also working on the development of further common guidelines and on harmonized training courses on this topic. In addition, a large number of CFPA members are now discussing the topic, as a glance at various publications shows.

International standard is complex and expensive
The most widely known and probably the most extensive directive for Cyber-Security in larger enterprises is the internationally recognised standard ISO 27001. However, the expense, effort and resources required with ISO 27001 are significant – from risk analysis to the elaboration of the abstract requirements contained in the standard, up to the implementation of the concrete measures. For SMEs the certification is therefore usually associated with too high a cost and is hardly achievable. Against the background of this complexity, it is not surprising, given the statistics presented at the outset, that companies know the risk of an attack but do not adequately protect themselves. The lack of security measures is not an expression of carelessness, but rather a consequence of the overwhelming demands of IT security.

Free risk analysis as a first step
To encourage and help SMEs in particular to deal with this complex topic, questionnaires are available in several countries to raise awareness of the most important risks. A tool for carrying out a first risk analysis has been developed, for example, by CEPREVEN, the Spanish CFPA Europe member, and it is offered online for free. More information is available at http://www.cepreven.com/cuestionario-ciberseguridad.
The German CFPA Europe member VdS has also worked on the topic and developed a system to support SMEs with regard to cyber-security.

VdS 3473: The solution for the SMEs
One way to easily implement IT-Security is VdS 3473. This standard, developed by IT experts, is oriented towards ISO 27001 and implements 80% of the ISO standard at only 20% of the cost. The special strength of the VdS 3473 guidelines lies in the consideration of the organisational level. Topics such as personnel, responsibilities, accesses, etc. are adequately covered, and small and medium-sized enterprises are overburdened neither organisationally nor financially. It is not without reason that VdS 3473 is one of the top three standards for the implementation of an information security management system, according to a BSI Cyber-Security survey.

VdS Quick-Check
How do companies actually implement the VdS guidelines? The first step towards IT-Security is an individual risk analysis. On the basis of the guidelines 3473, VdS offers a free Quick-Check, which can be carried out online by the company without any additional preparation. The check includes 39 questions, which can be answered within 20 minutes. The aim of the test is to determine the individual degree of protection. In the end, companies receive two evaluations: a compact and a more detailed report. The special feature of the Quick-Check is its concrete recommended measures for immediate action and their implementation.

Quick-Check for production environments
The VdS-Quick-Check described above focuses on the field of office communication. With a second test, VdS offers an analysis tool for companies that use industrial control and automation systems in their production, so-called Industrial Control Systems (ICS). These are often not taken into account when dealing with Cyber-Security. They are at a high risk as a result of the rapid growth in communications connections within the scope of Industry 4.0 projects. The Quick-Check for ICS therefore focuses on criteria such as very high availability requirements, aspects of remote maintenance and cooperation with manufacturers.

VdS-Quick-Audit systematically covers existing security gaps
The test is followed by the Quick-Audit. The security measures implemented on the basis of the Quick-Check results are analysed in detail. The subsequent report shows in detail what measures are to be taken, covers existing gaps and provides comprehensive suggestions for optimisation. These instructions can be implemented by companies with their own professional personnel, such as IT staff or information security officers, or with the support of VdS-approved consultants.

Certificate for customers and insurance companies
If all improvement measures are successfully implemented, companies will obtain a corresponding confirmation in the form of a certificate. With this they generate trust with their customers and partners. In addition, the certificate has yet another advantage: in order to safeguard against the residual risk that remains despite comprehensive measures, companies should conclude a Cyber-Policy. Cyber-Insurance is already common practice in the USA and is also gaining in importance in Germany, especially in the face of the increasing risk potential. The certificate is used by the insurance company to assess the risk, and companies that are proven to comply with the directives receive more favourable policies.

Just like Quick-Check and Quick-Audit, the VdS certificate is also based on the guidelines 3473 and is thus tailored to the requirements of SMEs. In order to obtain the certificate, auditors examine the necessary documentation and verify on site that the measures have been implemented correctly. The VdS certificate has a validity of three years – however, annual, less extensive re-audits are provided for. The certificate can later be used as a basis for certification in accordance with ISO 27001.

VdS Cyber-Courses are positioned in line with business practice
In order to firmly establish information security within the company, qualified employees become a decisive key factor. The necessary knowledge is provided by various VdS courses, which focus on different target groups. This includes courses for the information security officer, in which the participants learn how to interlink the necessary safety and security measures in such a way that the necessary level of protection within the company is defined and achieved with as little effort as possible. The course includes the teaching of theoretical knowledge as well as practical exercises and concludes with an examination. In addition, VdS offers courses on the VdS 3473 guidelines, for first-aid in the event of IT loss or damage, as well as a course on Cyber Security for insurers.

Conclusion
When implementing an information security management system, the question now is not whether it is necessary, but rather how it can be implemented. The reason for this is the complexity of ISO 27001, which presents small and medium-sized enterprises with insurmountable challenges. The difficulty, therefore, is to find the perfect measure of information security management. The ideal procedure takes into account the organisational business areas without overwhelming SMEs: VdS Guidelines 3473 are therefore the ideal standard for small/medium-sized businesses. The path to comprehensive protection leads through the free Quick-Check, the following audit and finally the certificate. In this way, companies achieve higher IT-Security, minimise the risk of financial losses or image damage, while still meeting the demands of customers, partners, legislators and lawmakers.

For more information on the VdS Cyber-Security standard, please visit www.vds.de/cyber
The free VdS-Quick-Check is available at www.vds-quick-check.de
The VdS courses on Cyber-Security are summarised at www.vds.de/lehrgaenge/cyber0/

Insurance Europe endorse Guideline

In April Insurance Europe endorsed CFPA E’s Guideline No. 1:2012 “Protection against flood”. This is the first Guideline it has endorsed, but it will continue with endorsement and has already decided how this work will be done.

“Endorsement from Insurance Europe is very important for all users of our Guidelines and of course it shows that our work is on a high level and that we are on the right track”, said Tommy Arvidsson, Director of CFPA E. “We have also discussions about endorsement with some other organizations and soon we can inform about their first endorsed Guideline.”

Today CFPA E has ratified more than 50 Guidelines. Most of these are about fire safety but there are ten Security Guidelines and six about Natural Hazards.
