- Basic knowledge and principles of information security
- Responsible handling of information
- Correct action when a threat to information security is suspected
- Getting to know different fraud methods (social engineering, malware, phishing, etc.)
Information security according to BAIT
With the BAIT, BaFin is placing new requirements on financial institutions. One of them
The financial world places high demands on IT - BaFin calls for information security awareness
After the Wirecard disaster, confidence in BaFin's work was severely shaken. Critics asked: "Is BaFin even up to its tasks anymore?" As a result, a reform of the authority was launched to restore the destroyed trust. The management team also had to go. Federal Finance Minister Olaf Scholz (SPD) spoke of transforming BaFin into a "financial regulator with bite." This is to be achieved both with powerful personnel and with innovative IT solutions. After all, in the globalized world of finance, information technology is more important than ever - and the demands on IT are high.
BAIT as a "central building block for IT supervision of the banking sector"
At the end of 2017, BaFin published the Banking IT Supervisory Requirements (BAIT) for the first time. They are regarded as the "central building block for IT supervision of the banking sector in Germany". The BAIT came into force immediately upon publication. The BAIT circular was addressed "to all credit institutions and financial services institutions in the Federal Republic of Germany."
The paper, which was updated again in September 2018, lists a total of 61 requirements that must be met by banking IT. The individual sections of the document deal, for example, with topics such as IT governance or IT risk management. It deals with reporting obligations between newly appointed information security officers and the bank's management boards, with the review of IT security in day-to-day business, data backup and data processing by third parties. In short, BAIT basically expanded the existing minimum requirements for banks' risk management (MaRisk).
BaFin's BAIT regulations were received with mixed feelings by some of the recipients - after all, more regulation always means more work. In addition, many of the banks' IT systems had grown over the years, contained a large number of in-house developments and quite a few areas had been outsourced to service providers.
BaFin paves the way for comprehensive IT risk management with BAIT
BaFin's fear at the time was that without comprehensive IT risk management, financial service providers could lose sight of information security and become vulnerable to manipulation. Since the computer systems of banks and the like are critical infrastructures, such a scenario would be fatal. IT governance and information security would therefore have "the same priority for the supervisors as providing institutions with capital and liquidity."
With the entry into force of the Bank Supervisory Requirements for IT (BAIT), financial institutions were thus under an obligation. From then on, they had to guarantee appropriate IT risk management. This also included, as noted under point 4 of the BAIT, "initiating and coordinating awareness and training measures on information security". These programs for employees and contractors are to address fixed content and take place at regular intervals. So financial institutions faced another challenge: How on earth were they to implement such training efficiently?
BAIT training required by BaFin also possible online
One solution for raising awareness among employees in the banking sector comes from "Security Island". The service provider has developed a digital training program in accordance with BAIT requirements. It is a so-called complete e-learning package. Content such as "Basic knowledge and principles of information security", "Responsible handling of information" or "Correct action in the event of a suspected threat to IT" is conveyed. In addition, various fraud methods such as social engineering, malware or phishing are presented in order to create awareness of these topics among the participants of the online course.
Frequently asked questions
The "Bankaufsichtliche Anforderungen an die IT (BAIT)" apply to credit institutions, investment firms and payment service providers.
A summary of the requirements can be found on the website of the Federal Financial Supervisory Authority (BaFin). Under the item "Information security management 4.9" you can read the requirements that apply specifically to raising awareness among employees and contractors and to the content of the training program.
Read the full requirements at:
Our courses are delivered in SCORM 1.2 format. You can thus integrate the e-learning into your existing Learning Management System (LMS) or make it available to all desired employees via our in-house Online Academy.
All our e-learning courses are written by experienced specialist authors who are an integral part of Security Island's courses. For content-related queries and adaptations, they are available to our customers with advice and support.