Companywide IT security through an Information Security Management System (ISMS)
To ensure holistic IT security in a company or organization, it is necessary to consider all parts of the organization and to implement systematic security and risk management. In this context, many challenges and dimensions of IT security can overwhelm small and medium-sized enterprises (SMEs) in particular. Without a solid concept for protecting applications, infrastructure and processes, problems and damage to the company can quickly occur.
This is where an Information Security Management System (ISMS) can help. These systems help to define uniform guidelines, tools and processes for a company, with which the daily challenges and problems are mastered. Furthermore, the definition of clear goals and the evaluation of the target and actual state helps to assess the status of the information security in a company.
Depending on the company, there are different ISMS, with varying scope and effort, which OTARIS can support you in establishing:
ISO/IEC 27001 – As one of the more elaborate procedures from this list, the international standard ISO 270001 provides organizational, infrastructural and technical protective measures and is particularly suitable for larger companies. Hazards and risks are identified in a risk analysis, on the basis of which individual security measures are then developed.
“IT-Grundschutz” – The BSI’s “IT-Grundschutz” is similar to ISO 27001, but offers more concrete requirements, measures and building blocks for implementation in the form of the “IT-Grundschutz” compendium. This increased complexity makes this ISMS particularly suitable for larger authorities and companies that process highly sensitive data and have sufficient capacity for implementation.
ISIS12/CISIS12 – is an ISMS developed by the Bavarian IT Security Cluster e.V. especially for use in SMEs and communes. The 12 cyclically repeating steps can also be implemented in small IT departments and help to establish a process-based corporate culture. As the latest revision of the ISIS12 standard, the CISIS12 ISMS places a further focus on compliance issues and a comprehensive risk analysis. This brings CISIS12 closer to ISO27001 and a higher level of security is achieved.
Get non-binding advice on an ISMS that suits you best.
- Identification of a suitable ISMS and support in its establishment
- Consulting on secure IT architectures
- Workshops and trainings in the area of security awareness