Information Security Management System (ISMS)
"Thanks to risk2value, we have eliminated unnecessary duplications and gained the acceptance of our staff. Each individual user has seen personal benefits in using the software."
In today’s knowledge society, information has become one of the most important commercial goods. Accordingly, it is also a vital asset for corporate groups, companies and public authorities. Yet as the network of the global business world becomes even more interlinked, information is exposed to a growing number of threats. Every day, reports on data theft, hacker attacks, illegal information leaks, cyber criminality and even cyber war are in the headlines.
Most information today is created, saved, transported and processed using information technology. Yet it can also be printed or written on paper, sent by mail, displayed in videos, or communicated by word of mouth.
The objective of information security is to secure all information regardless of its type and origin. An Information Security Management System (ISMS) is responsible for identifying weaknesses, recognizing threats, initiating countermeasures, and spotting opportunities. The responsibility for implementing suitable measures and ensuring that security goals are achieved lies with management. Various standards such as ISO 27000 provide a framework for implementing information security management systems. Following the IT Security Resolution of the German Parliament, all organizations operating critical infrastructures in the energy, IT, telecommunications, transport and transportation, health care, water, nutrition, finance and insurance industries in Germany must uphold minimum standards of IT security.
risk2value.accelerator for DPMS
avedos has developed a predefined data protection management solution based on the good practices gained in over a decade of GRC project experience. With risk2value.accelerator, companies drastically reduce the time needed to implement a solution for protecting data as outlined in EU GDPR.
Important: The executive board or managing directors are responsible for implementing suitable measures and fulfilling these security targets. Various standards (e.g. ISO 27000) provide guidelines to support the implementation of an information security management system.
risk2value provides the software to support all important components of an ISMS. The system determines protection requirements and conducts business-impact analyses, SWOT analyses and control assessments using standard or individually defined questionnaires and control lists. risk2value can even automate the entire workflow-driven process of handling audit findings, security incidents and exception rules, and the subsequent monitoring of activities.
The added value of the software primarily lies in the automatic consolidation of information gathered from individual people to create a complete picture of information security. Through individually configured aggregation rules, you can generate highly detailed reports or simply gain an overview of the entire ISMS.
Example of an ISMS ISO 27001 gap analysis
- Adapt the system flexibly to meet specific requirements
- Reduce management tasks in the central information security team
- Gain an efficient, structured overview through optimal reporting
- Understand and automatically track actions
- Give your CISO the greatest flexibility possible to create individual evaluations
- Ensure investment security through modular scalability
- Gain transparency on the maturity of information security throughout the organization
- Facilitate the information exchange among stakeholders
- Integrate business departments and process owners based on a business-impact analysis
- Document and track actual and suspected security incidents
- Ensure compatibility with various standards (e.g. the ISO 27000 series)
- Implement cyclical ISMS assessments and period comparisons (e.g. business-impact assessments, risk analyses, control assessments)
- Configure risk evaluation rules based on objective criteria (e.g. quantitative or qualitative)
- Process and track activities (e.g. measures, audit findings, security incidents or exception rules) within a structured workflow
- Map complex cause-and-effect relationships among information, IT systems, IT services and processes
- Create individual reports for different stakeholder groups
- Utilize comprehensive analytic and aggregation capabilities
Thanks to the flexible configuration of risk2value, different security management processes can be supported:
- Information Security Management System
- Security Management
- IT Security Management
- Data Security Management