CyberRiskCheck according to DIN SPEC 27076

The aim of the CyberRiskCheck in accordance with the standard DIN SPEC 27076:2023-05 is to provide micro-enterprises and small companies and organizations with up to 50 employees with IT security advice at a manageably low cost. It focuses on three objectives:

  1. Determination of the current state of information security, including the most important information security risks.
  2. Identification of recommendations for action for the organization. If government support measures are available, these should be included in the results report.
  3. Raising the awareness of the management and responsible employees with regard to information security.

A CyberRiskCheck in accordance with DIN SPEC 27076 is exclusively interview-based and usually takes no more than 2-3 hours. As the result of the CyberRiskCheck, you receive a report containing, among other things, the score achieved and a recommendation for action for each requirement that has not been met.

The CyberRiskCheck process therefore consists of the following steps:

  1. Initial information and commissioning
  2. Conducting the interview
  3. Evaluation of the available information and preparation of the report
  4. Presentation of the report and the derived recommendations

The participation of a managing director during the entire process is mandatory.

Conducting the Interview

In the actual interview, we go through 27 requirements from 6 subject areas to check whether and to what extent your organization fulfills them. Points are awarded for fulfillment in accordance with DIN SPEC 27076. The interview to determine the current status can be conducted as a face-to-face meeting, a video conference or a hybrid of the two. Existing concepts and security guidelines, e.g. for virus protection, data backup or emergency response, should be at hand during the interview.

Topics of the CyberRiskCheck:

  1. Organization & awareness
  2. Identity and authorization management
  3. Data backup
  4. Patch and change management
  5. Protection against malware
  6. IT systems and networks

The survey of the current status is expressly not intended as consulting but as a pure inventory. The recommendations for action in the report may, however, reveal a need for further advice for the assessed organization.

What Other Information is Available?

The CyberRiskCheck and the IT security consulting approach for small and micro enterprises were developed in the mIT Standard sicher project with funding from the Federal Ministry of Economics. A description of the objectives and the methodology used can be found in the brochure "Der CyberRisiko-Check: IT-Sicherheit einfach anpacken (PDF)".

Like other DIN publications, DIN SPEC 27076 "IT-Sicherheitsberatung für Klein- und Kleinstunternehmen" can only be obtained from Beuth-Verlag.

The German Federal Office for Information Security (BSI) published the brochure "Cyber-Sicherheit für KMU" in January 2023. This brochure poses 14 key questions on information security and outlines possible solutions. The brochure also contains numerous cross-references to further information.

Our Service

We assess your organization's information security on the basis of the requirements and questionnaire of DIN SPEC 27076. Our report provides you with specific recommendations for improving your information security. On request, we can then advise you on the implementation of the necessary measures.

In addition to the CyberRiskCheck, we also offer a cyber security check in accordance with ISACA guidelines for medium-sized and larger companies.