verinice.XP

Security management in hospitals needs integrated workflows - cape IT Managing Director Rico Barth offers a practical look at the integration of the ISMS solution verinice and KIX Service Software at the verinice.XP user conference for information security. 

In recent months, relevant examples have shown how important a functioning security management in hospitals (KH) is not only on a technical but also on an organisational level. Until recently, this applied only to larger hospitals, but since the amendment of the German Social Code Book V, all hospitals are required to establish Information Security Management (ISM) from 01.01.22 onwards. Hospitals and especially the IT departments are obliged to implement the necessary measures so that ISM is not only considered theoretically, but is also supported practically with work processes, IT support and documentation.

IT Service Management (ITSM), based on ITIL, has established itself internationally and is recognised. Security management and ISM processes are part of ITIL. In order to retain the freedom of decision and design of the IT departments and the hospital itself, open source software solutions are coming into focus. KIX is one such open source software for ITSM and is suitable due to its comprehensive workflow certification. verinice focuses on ISM and includes, among other things, the implementation of the sector-specific security standard for healthcare in hospitals (B3S Krankenhaus).

One of the most important sources of information for the IT department is the asset and configuration management database (CMDB). Due to the KRITIS programme of the Federal Government for the protection of critical infrastructures and now due to the requirements of the SGB V, physical protection and IT security are converging. Technical equipment is growing together, the CMDB and the workflows based on it are coming more into focus.

The integration of KIX and verinice in the concrete context of the ISM of a hospital will be explained on the basis of practical examples. From the point of view of bringing together all information for security management and audits, the integration of the processes in security management into those of the classic IT service will be addressed.

The technical integration of the CMDB for modelling the IT network or the IT organisation is discussed. Possibilities for determining the need for protection and the risk assessment based on it as well as the derivation of security measures to be implemented are shown. The technical integration of KIX and verinice in the surrounding IT landscape, in monitoring systems, server and client management solutions is also discussed.