Awareness is an elementary security measure in the everyday use of IT systems and, alongside software security, is a pillar of the security of data that is repeatedly targeted by hackers, as was recently the case with the Hessian IT service provider Count and Care [1] .
Ultimately, IT security is only as good as the person operating the system. This leads to the logical consequence of generating a certain level of problem awareness among all employees with regard to this issue. Building on this, a change in behavior towards secure digital handling can be achieved, which then represents a stable foundation for data sovereignty.
However, the rhetoric of “people as a security gap” is met with a broad response, which can have a destructive effect. The Federal Office for Information Technology therefore places people in the position of a defensive shield and recommends a series of awareness programs [2] .
In addition, large stores such as Douglas, Kaufhof, etc. use software programs that are intended to sensitize employees to cybersecurity in a playful way, given that the ability to learn is greater in this way than from a trivial lecture by an IT expert.
The Committee should decide
The magistrate is asked to answer the following questions:
- Does the LHW have a current awareness method for municipal companies or their employees? If so, what does it look like? Are software programs used and if so, which ones?
- Does the magistrate know whether the LHW has been the victim of a successful cyberattack since the last legislative period? If so, what was the nature of the attack and how did the LHW respond to it?
- If there is currently no adequate awareness method/software to sensitize employees, the magistrate is asked to develop one and present it to the committee.
[1] https://www.sueddeutsche.de/panorama/kritikitaet-wiesbaden-cyberattack-auf-it-firma-mit-erpressungstreff-dpa.urn-newsml-dpa-com-20090101-220614-99-659979
[2] https://www.bsi.bund.de/DE/Themen/unternehmen-und-Organisationen/Informationen-und-Empommenungen/Empkommenungen-nach-Attackszielen/Factor-Mensch/Awareness/awareness_node.html