
opus i 

Information Security Management System (ISMS)

The insides. The know-how.

As you have seen, opus i is a large and sophisticated tool that supports your work.
But the second essential part (if not the most important one) is the integrated know-how.

On this page we will show you the “integrated know-how” of opus i.

Spend one to two hours and learn more about the know-how that will save you a lot of time and put you on the safe side.

Read the information above the picture, then take a look at the picture.

1.

ISO 27001 and 27002 contain approximately 220 chapters. Each chapter describes threats and calls for controls to minimize the risk.
Our example shows the chapter “11.7.1 Mobile computing and communications”.

opus i  ISO-Chapter 11.7.1

The German Federal Office for Information Security has developed four modules (in particular to cover chapter 11.7.1) that describe the existing threats and the controls that minimize the risks named in chapter 11.7.1. Additionally there are three autonomous controls.

The four modules are:

  • Module 2.10 Mobile workplace
  • Module 3.203 Laptop
  • Module 3.404 Mobile phone
  • Module 3.405 PDA

The autonomous controls are:

  • Safeguard/Control 1.33 Appropriate storage of portable IT systems during mobile use
  • Safeguard/Control 2.309 Security policies and rules for the use of mobile IT
  • Safeguard/Control 2.218 Procedures regarding the personal transportation of data media and IT components

So that you can get a first impression, we have packed the “Module 3.405 PDA” with all threat descriptions and all safeguards/controls into a zip file. If you are interested, please download this file. You will see that our guidelines are competent, sophisticated, very detailed and very helpful. Download: Module_3.405_PDA.ZIP.

2.

So that you can find the most important controls quickly, all controls are classified into four classes (A, B, C and Z).
The class A controls are the most important controls, which have to be realized first - if you want. The class B and C controls have to be implemented if you want to reach the certificate. The “Z” controls are the controls that cover the remaining risks. These “Z” controls are very expensive and give you the highest possible protection.

opus i  The Certification Levels
opus i  The Life Cycle Levels

3.

The controls are classified by “life cycle” so that they are implemented in the designated order. Another advantage is that you do not need to spend your precious time on unnecessary controls. These life cycles are:

  1. Planning and design
  2. Procurement
  3. Implementation
  4. Operation
  5. Disposal
  6. Contingency planning

The following examples explain how the life cycles are to be understood:

1. You intend to purchase a new server. In this case you have to read and implement all controls, beginning with the “planning and design” life cycle controls (1) and ending with the implementation of the “contingency planning” controls (6).

Another example:

2. Another server has already been running in operation for two years. In this case you have to read and implement all controls, beginning with the “operation” life cycle controls (4) and ending with the implementation of the “contingency planning” controls (6). The controls within the life cycles “planning and design” (1) to “implementation” (3) are more or less useless and not of interest to you.

4.

Time is money.
Not every control has to be implemented: if the threat is non-existent, the control is useless!
But how can you find out which control acts against which threat?
There are “reference tables” that show these relations exactly. So you have the possibility to make safe decisions.

opus i  The Reference Tables

5.

The problem of responsibility.
The most common problem is that people say: No, I am not responsible for the implementation of this control! Responsible is ....
Do you know this situation?
The answer to this problem is quite simple: In the control, the “person” responsible for implementation is documented. There are 80 roles that can be assigned to the team members.

opus i  The Initiation and the Implementation Roles
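As an added illustration (not opus i code), the selection rules from points 2 to 5 above in Python: a control is only on the to-do list if its class is needed for the target, its life-cycle phase has not already passed, and at least one threat from its reference-table row is actually present; each control also carries its responsible role. The three control titles come from this page; their class, phase, threat and role assignments are constructed for the example.

```python
from dataclasses import dataclass

# Life-cycle phases exactly as listed on the page.
PHASES = {1: "Planning and design", 2: "Procurement", 3: "Implementation",
          4: "Operation", 5: "Disposal", 6: "Contingency planning"}
# Certification classes: A first, B and C for the certificate, Z for remaining risks.
CLASS_RANK = {"A": 0, "B": 1, "C": 2, "Z": 3}

@dataclass(frozen=True)
class Control:
    ident: str
    title: str
    cls: str            # A, B, C or Z
    phase: int          # life-cycle phase (1..6) in which it is implemented
    threats: frozenset  # threats it acts against: one row of the reference table
    role: str           # role responsible for implementation

# Constructed sample catalogue: titles from the page, everything else invented.
CATALOGUE = (
    Control("1.33", "Appropriate storage of portable IT systems during mobile use",
            "A", 4, frozenset({"theft", "loss"}), "User"),
    Control("2.309", "Security policies and rules for the use of mobile IT",
            "A", 1, frozenset({"theft", "loss", "misuse"}), "IT Security Officer"),
    Control("2.218", "Procedures regarding the personal transportation of data media and IT components",
            "B", 4, frozenset({"loss"}), "Head of IT"),
    Control("Z.1", "Constructed class-Z control: hardware-encrypted storage",
            "Z", 2, frozenset({"theft"}), "Administrator"),
)

def exclusion_reason(ctl, present_threats, current_phase, target_class):
    """Why a control may be skipped (audit trail), or None if it must be implemented."""
    if CLASS_RANK[ctl.cls] > CLASS_RANK[target_class]:
        return f"class {ctl.cls} not needed for target {target_class}"
    if ctl.phase < current_phase:
        return f"phase {ctl.phase} ({PHASES[ctl.phase]}) already passed"
    if not ctl.threats & present_threats:
        return "none of its threats is present"
    return None

def select_controls(catalogue, present_threats, current_phase, target_class="C"):
    """Controls still to be implemented: class A first, then by life-cycle phase."""
    todo = [c for c in catalogue
            if exclusion_reason(c, present_threats, current_phase, target_class) is None]
    todo.sort(key=lambda c: (CLASS_RANK[c.cls], c.phase, c.ident))
    return [(c.ident, c.cls, PHASES[c.phase], c.role) for c in todo]
```

Running it for the page's second example (a server that has been in operation for two years, phase 4, aiming at the certificate) drops 2.309 because its planning phase has passed and Z.1 because class Z is not required for target C.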

6.

The problem of maintenance

The best ISMS will become useless - little by little, almost imperceptibly - if its basis is not kept current.
Therefore the threats and controls are updated every year.

In 2009 the following elements were added or updated:

Added modules:

  • Module 1.15 Deleting and destroying data
  • Module 1.16 Compliance management
  • Module 3.210 Windows Vista Client
  • Module 5.17 SAMBA server

Updated modules:

  • Module 1.3 Contingency planning concept
  • Module 1.6 Computer virus protection concept
  • Module 1.8 Handling security incidents

New threats and controls:

  • 18 threats added
  • 71 controls added


© 2010 kronsoft® Germany  
