Information security management - turning good intentions into added value
As the significance of IT to company transactions or to fulfilling public tasks continues to grow, there is an increasing need, and sometimes a requirement established in compliance provisions, to protect technical and IT resources against prohibited or inappropriate use or misuse, loss, divulgence, destruction or manipulation. Information security is therefore seen more and more as an integral component in companies’ business policies or in the fulfilment of tasks in offices operating under public law.
To ensure that information security is more than a good intention, numerous processes and activities associated with the risks with which businesses, authorities and other institutions are confronted must be identified and managed. Setting up an information security management system is a proven way of doing this. This is used to initiate, execute, monitor, check and, above all, improve information security measures. Such a management system can even make information security measurable and comparable at a later stage of maturity.
Standards such as ISO/IEC 27001:2005 at the international level and ISO 27001 based on the BSI’s basic principles for IT protection at the national level are a good foundation for setting up and operating an information security system. Taken pragmatically, basing your system on one of these standards can result in a suitable and effective format. If necessary, e.g. because of customer or supplier requirements, you also have the option of having your company, authority or institution certified in accordance with these standards. In this way you can prove that your information security management system is functioning properly.
We are the right contact for you, both for strategic advice on information security management or on integrating it into existing management systems, and for developing an information management system. We are also happy to advise you on certification and will guide you through the process or carry out the certification. With our years of experience and our fully qualified auditors, we can give you competent support, tailored to your concerns, to achieve your security goals. In consultation with you, we will determine your specific needs in order to achieve a cost-effective solution that is in line with qualitative requirements.