Information Security Management System

What is Information Security Management?

An Information Security Management System (ISMS) should systematically collect all data relevant to security issues. Actions are then taken to reach and maintain a certain level of IT security.

The following graph shows the basic steps that are needed to plan, implement, run, observe and improve an ISMS. This is an iterative process leading to continuous improvement of the system:


Why Information Security Management Systems?

Information has become of strategic value to business. The competitiveness and success of a firm depend on its ability to protect information against loss, corruption and unauthorised disclosure. Effective controls are vital to safeguard information assets against potential security threats.

It is of great importance that the approach to IT security be uniform at all times, ensuring a consistency that would otherwise be lost. A loss of consistency leads to low acceptance of the actions and therefore to a low security level. This increases the threats to the business, since the expensive arrangements make the company believe it is safe. Developments like these can only be stopped through systematic work on IT security.


Our Services

ISMS design

  • ISMS Policy to clearly define the process extent
  • Definition of the requirement profile
  • Definition of risk assessment structures
  • Clear criteria for the acceptable amount of risks
  • Reconciliation with the management

ISMS implementation

  • Installing a danger defence plan
  • Installing control mechanisms
  • Installing training and awareness programs
  • Resources Management

ISMS observation and review

  • Monitoring
  • Regular reports on the systems' efficiency
  • Review of the accepted and remaining risks
  • Documentation of any possible impacts on the ISMS

ISMS development

  • Improvements
  • Corrective and preventive actions
  • Report on all actions
  • Evaluation of the improvement actions

For the design of an ISMS, several approaches are possible. However, the currently most widespread approach is ISO 17799, better known as British Standard BS 7799.


Value Added

Installing an ISMS has several qualitative and quantitative advantages:

  • Cost reduction
  • Higher consistency
  • Enhanced risk assessment
  • Enhanced perception of security needs
  • Enhanced acceptance of security-related actions
  • Systematic integration of data security in designing and developing systems

COREVA can support you in every cycle of the ISMS process. We help you with creating requirement profiles as well as designing and implementing your ISMS. Furthermore, we can support you in monitoring and improving your ISMS and in conducting awareness training for your employees.


Fact Sheet

Download the most important information about our Information Security Management Systems service as a fact sheet here.