ProCess

With regard to information technologies, security measures alone cannot prevail. In today's IT world an appropriate response to ever-present threats, individual risks and constantly changing security targets can only be achieved via comprehensive management processes. The establishment of process-driven risk and security management enables you to invest into your information and IT security in a targeted, appropriate and viable way. As a result, you will achieve sustainability with regard to your technical and organisational security measures. On the basis of long-standing, substantial experience and proven expertise, SCHUTZWERK can support you with the practical implementation of respective management frameworks.

Information and IT security are, just like the information technologies, subject to constant change. Starting with the threats, risks and security obectives of a company through to the details of individual security measures, continous analysis and optimization is required. Based on the complex requirements and interdependencies in information and IT security, sustainability cannot be achieved through urgent individual actions. Only the establishment of fundamental management processes will enable you to control the multitude of required management processes in a strategic and viable way. In addition, legislative authorities increasingly demand proof of respective control methods being applied in a company. There are numerous international standards for the implementation, such as ISO/IEC 27001 for information security management or ISO/IEC 27005 for IT risk management. Based on these theoretical frameworks the biggest challenge, however, lies in the practical implementation of the guidelines outlined in these frameworks.

Applying structured and proven process models, SCHUTZWERK supports you with the establishment of the following management frameworks:

Information Security management


Support with the implementation of the Information Security Management according to ISO/IEC 27001

IT RisK management


Support with the introduction or optimization of the IT Risk Management according to ISO/IEC 27005

Incident Response Management


Support with the implementation or optimization of the Incident Response Management