Information Security Management
Support with implementing or optimizing an Information Security Management System according to ISO/IEC 27001
Sound risk-minimization strategies and legal requirements alike make it essential for companies to establish information security management. The standards describe what must be in place; the central question is how this can be achieved in a practical and lasting form. Drawing on many years of practical experience, SCHUTZWERK supports you in implementing an information security management system tailored to your requirements.
Ensuring an appropriate level of security is a constant challenge in complex IT environments. Technical security vulnerabilities in systems and applications should be viewed as symptoms; their root cause typically lies in inadequate information security management.
Sustainable information security management requires a fundamental process, referred to in ISO/IEC 27001 as an Information Security Management System (ISMS). The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) also references this standard in its IT Baseline Protection standards (IT-Grundschutz). The extensive requirements of these standards can be condensed into five basic phases which form the basis of information security management:
- Phase 1 - Security Organization: Formulation of an IT security policy (security concept) that describes the importance of IT and IT security for the company. Binding definition of roles and responsibilities within the IT security management process.
- Phase 2 - Structural Analysis: Central inventory of all IT systems, applications and the categories of data they process.
- Phase 3 - Determining Security Requirements: Deriving the security requirements (protection needs) of IT systems, applications and data from the security requirements of the business processes they support, in terms of confidentiality, integrity and availability. The result is the target condition.
- Phase 4 - Target/Actual Comparison: Assessment of the security level actually achieved, covering technical, organizational and human aspects (the current condition); comparison of target and current condition and derivation of the necessary measures.
- Phase 5 - Implementing Measures: Detailed planning (roadmap) and implementation of the measures identified in Phase 4. The cycle then starts again, since ISO/IEC 27001 requires the ISMS to be monitored and continually improved rather than set up once.
Using a structured and proven process model, SCHUTZWERK supports you in establishing all the necessary components, processes and documentation of an information security management system. Depending on your objectives, the options range from a purely solution-oriented process implementation to preparation for ISO/IEC 27001 certification. The tasks described above can be carried out as coaching or jointly with you.