DE
EN
Magazine Services Group

Quick Links

Often Searched

Information Security at LBBW

For Landesbank Baden-Württemberg (LBBW), the security of IT processing is a central component of its business policy. Ensuring the confidentiality, availability and integrity of information processing is crucial to our business success and that of our customers. For this very reason, LBBW has implemented a Group-wide Information Security Management System (ISMS) consisting of organizational regulations and up-to-date technical precautions.

Organization: A key component of LBBW's ISMS is the information security regulations based on the ISO 27001 standard, which the Chief Information Security Officer (CISO) uses on behalf of the Board of Managing Directors to define an appropriate level of information security that meets both regulatory and statutory requirements and is valid throughout the Group (including foreign branches and subsidiaries).

Reporting: Regular reporting by the CISO to the Management Board and other management bodies (e.g. Supervisory Board, IT-Security Board) is ensured. The reporting includes, among other things, a presentation of the audits carried out, the current risks, security-relevant incidents and measures already implemented and planned. Close involvement of the management level in the ISMS ensures that information security and the associated risks within the Group are considered appropriately and that there is sufficient security awareness.

Information risk management (IRM): The responsible handling of information from customers and business partners requires a regular process of identifying, assessing and managing information security risks. Actively dealing with these risks contributes to functioning business processes and averts potential damage to the bank.

Information security audits: The implementation of the information security policy is regularly reviewed through internal audits. The audits cover internal areas as well as subsidiaries and suppliers. In addition, an independent external audit is carried out at least every two years. Penetration tests and vulnerability scans are also carried out regularly for all relevant systems and applications.

Access and authorization management: Access and authorization management ensures that each employee only has the access/authorizations required to complete their tasks in accordance with the "need to know" and "need to have" principle. The assigned rights are regularly recertified.

Security systems: Firewalls are used at all network transitions to separate the various security zones and environments in the network. The firewall at the Internet access is multi-level, and access from the Internet is always terminated in a demilitarized zone (DMZ). The firewalls have modules for analyzing attack patterns/detecting anomalies in network traffic. These are updated promptly in the event of new attack patterns. The Internet connection is protected by a service to prevent distributed denial of service attacks (DDoS). The service analyzes the network traffic on the basis of statistical evaluations and signatures and can initiate countermeasures for the services accessible via the Internet if anomalies/threshold values are exceeded.

Monitoring systems: LBBW has implemented several monitoring systems, such as SIEM and NuKo. Security Information and Event Management (SIEM) is a system for the central collection, transmission, storage and evaluation of log data from network components, operating systems and applications. The aim of SIEM is to identify suspicious network activities. Data traffic is regularly evaluated and analyzed as part of usage controls (NuKo) (mail traffic, clouds, etc.). Monitoring is used to register data leaks of sensitive information. If fraudulent activities are detected, these monitoring systems can be used to initiate appropriate countermeasures.

Threat intelligence & incident response planning: Information security emergency procedures typical of the industry or required by regulation are also established at LBBW (preventive and reactive). LBBW uses threat intelligence to evaluate the possibility of gaining early, evidence-based information about cyber attacks and incidents and analyzing this information. This creates an early warning system that leads to a reduction in the risk of security incidents.

Training & awareness: LBBW ensures that individuals who carry out activities with an impact on the organization's information security performance have the necessary skills based on appropriate education, training or experience. In addition, great importance is attached to raising employee awareness (both internally and externally). This is implemented through comprehensive training and communication concepts as well as regular phishing simulations.

Scope: In addition to LBBW, the scope of information security includes support and advice for key subsidiaries.

Do you have questions about the information security at LBBW?

Please contact us.

Martin Hohloch

Martin Hohloch

Chief Information Security Officer (CISO)
CISO@lbbw.de

Contact

Contact me

Customer Portals

Online Banking

BW-Bank Internetfiliale

Service Portals

LBBW Corporates-Portal LBBW Markets Signature-Directory

LBBW Group

LBBW Asset Management LBBW Real Estate LBBW Venture Capital Berlin Hyp AG BW-Bank

Worldwide

LBBW locations worldwide

Notifications

Stay up to date with our notifications.

An Error has occurred

Notifications are not available

To receive notifications, it is necessary that you activate or allow notifications in your browser settings. Notifications may not be available on your device.

Select the categories for your notifications. You can change these settings at any time.

An Error has occurred

Use of cookies

When you use our website, we only use the cookies necessary to guarantee the functionality of our website. In all other cases we ask for your consent. For more information on cookies, see our data protection .

Essential

These cookies are essential for the operation of our website, and enable functionalities relevant to security, for example. The website cannot function properly without these cookies.

Statistics

To optimize the quality of our website, we collect anonymized data for statistics and analysis. We use cookies to improve the analysis of visitor numbers and behavior in order to optimize our content and offers on the website.

Marketing

Cookies for marketing purposes are used to deliver advertisements that are more relevant to the user and tailored to their interests. They are also used to limit the frequency with which an ad appears and to measure the effectiveness of advertising campaigns.

YouTube

Videos stored on YouTube are embedded on some of our websites. The embedding takes place in extended data protection mode (www.youtube-nocookies.com) via YouTube's Iframe API. If you wish to view the YouTube videos, we require your consent, after which cookies may be set by YouTube and data transmitted to YouTube.

YouTube video

If you would like to use embedded YouTube videos on our websites, we ask for your consent. Further information can be found under YouTube below and in our data protection .

You can remove this consent at any time by using the "Cookie Consent" setting at the bottom of a page.

YouTube

Videos stored on YouTube are embedded on some of our websites. The embedding takes place in extended data protection mode (www.youtube-nocookies.com) via YouTube's Iframe API. If you wish to view the YouTube videos, we require your consent, after which cookies may be set by YouTube and data transmitted to YouTube.