
opus i 

Information Security Management System (ISMS) ( 1 of 3 )

Obstacles

You would like to have a working Information Security Management System (ISMS).
But you have problems with the enormous effort which is necessary for implementation and maintenance.

You are right. Time and money you need to invest are substantial. Perhaps you also believe that specialized knowledge is necessary? Yes, it is!

But what would you say if we claimed that the complete Information Security Concept is provided finished and that you only need normal IT knowledge? Furthermore, we say: most of the specialized knowledge is integrated in opus i. Do you believe it?

Spend one hour and learn how the information security management system is implemented and maintained.

Read the information above the picture then take a look at the picture.

1.
Members of your Information Security Team are the Information Security Officer (CISO) and the Privacy Officer (CPO). It would be great if you could win over the Risk Manager (CRO) and the Quality Manager (QM) for your objectives. We think that it is necessary to involve a representative of your employees. Furthermore, you need the cooperation of the managers. That was the hard part of your work.

And this is the rest:

  • You have to record: building groups, room groups, server groups, desktop computer groups, your physical networks, applications (with privacy/important data) and the outsourcing contractors (third parties).
  • With these elements (objects) you have to model the process for which you want to set up the ISMS. This is easy.
     
  • This management system can be certified.
  • The certificate is reachable in three separate steps (A, B, C). A and B are self-declarations with auditor confirmation. C is the certification step (external ISM certificate).
  • This ISMS is based on ISO 27001.

2.
You have to record:
building groups, room groups, server groups, desktop computer groups, your physical networks, applications (with privacy/important data) and the outsourcing contractors (third parties).
You record these objects as “original objects” in the “Asset-Folder”. Sequential recording is possible.

Second advice:
You can record thousands of objects ... but: are these the really important objects (assets) of your company? Yes? No?
Do the following: base your ISMS on the most important process of your institution. You do not need to certify your complete institution.
The most important process is important - nothing else!

3.
The next step is: create the process tree with these objects.
You have to build the tree entirely from references to the objects you entered in the previous step.


3.1 Build the process tree with the references of the original objects. A referenced object is identified by “ref:” in front of the object name.

opus i  The process tree

3.2 Open each object of the tree by double-click and select the type of this object. Begin with the upper tree element, the process.

2.1 Record your assets involved in the institution’s most important process.

opus i  The object type and the right controls
opus i  The Assets of your institution

The modules, the threats and the controls

After this step (3.) your IT Security Concept is done!
As we said above: the specialized knowledge is implemented within opus i.

opus i  The Modules
opus i  The Threats
opus i  The Controls

Learn more about modules, threats and controls

© 2010 kronsoft® Germany  
