Consulting

Hall 9 / Booth Number 9-100

Introduction of an Information Security Management System (ISMS)

Categories

  • Authorities / associations
  • Testing laboratory / consultation
  • BSI IT baseline protection
  • ISMS (ISO-IEC 2700x / BS 7799)
  • Consulting IT security
  • Certification of products and services
  • Security management

Key Facts

  • Consulting on setting up an ISMS
  • Support through to certification readiness
  • Audits

Product Description

As a BSI-certified IT security service provider, IABG offers efficient implementation of the standards (ISO 27001 native or BSI basic protection) for the corresponding certification. This is a must for all companies that fall under the IT security law. The introduction of an ISMS comprises the following service modules:

  • Workshop: The workshop is the basis for a precise risk analysis and, based on this, an estimate of the effort required.
  • Scope definition: With regard to the application level, the limits and the services to be provided are described, including possible transitions to third parties.
  • Limitation of scope: For efficient project progress, the scope is initially limited to the necessary critical processes and components, ensuring process consistency and traceability.
  • GAP analysis: The aim of the analysis is to evaluate the current status of IT security and the gaps still to be closed within the defined scope.
  • Risk assessment: The risk assessment is based on the effects on operation and the probability of occurrence of threats; together they form the risk measure according to the selected calculation algorithm.
  • Risk treatment plan: All risks to be minimised are managed in a prioritised risk treatment plan. Each risk has assigned personnel responsibilities and target dates.
  • Implementation plan: The implementation plan describes the information security objectives in connection with the implementation of the individual measures. It serves as a reference for the subsequent audits.
  • Internal audit: The internal audit serves as a means of self-regulation and is also a basic requirement for a formal certification audit.
  • External 3rd-Party Audit Order: Once the decision for formal external certification has been made, the type of certification should be determined very soon and the appropriate measures taken.
