VBS strengthens information security
The DDPS is reassessing the risks of the information systems. These are to be better monitored in the future. The measures are based on an audit report by the internal audit department of the DDPS.
Since 2018, the DDPS has been managing its information security risks with a so-called information management system (ISMS). This is based on the international standard ISO/IEC 27001, which specifies requirements for the implementation of appropriate security mechanisms to ensure that cybersecurity risks are systematically identified and managed.
An audit by the internal auditors of the DDPS revealed that this ISMS was not yet having the expected effect at the level of the department, according to a statement by the federal government. The head of the DDPS, Viola Amherd, has consequently various measures ordered. On the one hand, an ongoing site assessment is to be carried out by the end of 2021 in order to determine by when ISO certification of the entire department would be possible.
On the other hand, a standardized ISMS application is to allow optimized risk management in the future in order to be able to manage administrative units of the DDPS as well as the General Secretariat "more systematically, simply and efficiently".
To the audit report "ISMS.VBS Audit" dated January 18, 2021 (PDF).
Source: VBS
