Designing an Information Security Management System (ISMS) should start with systematically collecting all data relevant to security issues. Actions are then taken to reach and maintain a certain level of IT security.
The following graph shows the basic steps that are needed to plan, implement, run, observe and improve an ISMS. This is an iterative process leading to continuous improvement of the system:
Information has become of strategic value to business. The competitiveness and success of a firm depend on its ability to protect information against loss, corruption and unauthorised disclosure. Effective controls are vital to safeguard information assets against potential security threats.
It is of great importance that the approach to IT security be uniform at all times, so that consistency is not lost. A loss of consistency would lead to low acceptance of the actions and therefore to a low security level. This increases the threats to the business, since the expensive arrangements lead the company to believe it is safe. Developments like these can only be stopped by systematic work on IT security.
[Figure label: ISMS observation and review]
Several approaches are possible for the design of an ISMS. However, the most widespread approach at present is ISO 17799, better known as British Standard BS 7799.
Installing an ISMS has several qualitative and quantitative advantages:
COREVA can support you in every cycle of the ISMS process. We help you create requirement profiles and design and implement your ISMS. Furthermore, we can support you in monitoring and improving your ISMS and in conducting awareness training for your employees.
Download the most important information about our Information Security Management Systems service here as a fact sheet.