On the use of Information Security Management Systems by German Energy Providers

Pape, S.; Schmitz, C.; Kipker, D-K. and Sekula, A.

In Fourteenth IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection, 2020, accepted for presentation.


Along with other requirements, the German critical infrastructure programme required critical infrastructure providers, i.e. energy providers to implement an ISMS. We used the unique opportunity to observe the implementation and surveyed all German energy providers in autumn 2016 and 2018. Our study shows, that most of the energy providers implemented an ISMS between our surveys and reported an perceived increase in information security suggesting that the critical infrastructure programme fulfilled its purpose.

Bibtexinformation systemssecuritycritical infrastructureslawcs4esidate