Structured development of an ISMS according to the state of the art:
Information Security Risk Management
Security Governance Framework & Organization
Security Control Framework
What we do: We guide you step by step through the development of the ISMS based on your needs and in line with your business model. Furthermore, we accompany you during the implementation in the organization and, if required, also during the implementation of a suitable GRC tool. Duration and scope depend on size and complexity.
Set security targets
Conduct a business impact analysis based on the company's critical core processes and data
Determination of the need for protection in terms of availability, confidentiality and integrity
Identification of threat scenarios by identifying potential vulnerabilities and attack surfaces of core processes and data
Mapping of the threat scenarios to the results of the business impact analysis
Structured security status survey across all key business areas (product and customer areas, IT, organization, human resources, facility management, etc.).
Description of the individual vulnerabilities and their potential impact
Assignment of the identified vulnerabilities to relevant threat scenarios and evaluation according to the business impact analysis
Creation of a cybersecurity strategy optimized for your company
Prioritized list of measures to address the most important weaknesses