Strategic management of IT security
Structure & implementation of an ISMS
An ISMS secures a company's information assets and creates sustainable structures for greater resilience through processes, measures and continuous improvement. We support you as a partner in the systematic development and successful implementation of an ISMS in accordance with ISO/IEC 27001. One key to success: internal communication. As the entire company must be involved here, the involvement and buy-in of all employees is absolutely crucial for the development of a holistic security organisation.
In my experience, effective security always starts with leadership. Responsibilities, decision-making channels and escalation criteria must be clearly and bindingly regulated, because only on this basis can operational measures take effect. The ability to act arises from a clearly defined time frame with concrete objectives.
Erik Krüger
Information Security Officer | Governance, Risk & Compliance Consultant
Basis for information security: establish controlled security management
An ISMS (Information Security Management System) is the foundation for managing information security in your company in a sustainable and traceable manner. Alignment with recognised standards such as ISO/IEC 27001 creates transparency, risk minimisation and legal certainty in management as well as in operational business.
Management summary: transparency and continuous improvement
With a structured ISMS in accordance with ISO/IEC 27001, you get robust processes, clear responsibilities and centralised documentation for all security-related topics.
The result: greater transparency, minimised risks and a demonstrably enhanced security culture, now and in the future.
The introduction of an ISMS takes time: ISMS introduction is a longer process
1. Project preparation
- Analysis of the current security level, objectives and organisation
- Joint definition of the project scope
2. Document review
- Review and supplement existing ISMS documents
- Development of a centralised list of measures
3. Structure of the document master
- Creation of all necessary ISMS documents
- Selection of suitable guidelines and processes
4. Gap analysis
- Comparison with corporate reality
- Derivation of further possible measures
5. Action management
- Centralised control of all tasks
- Continuous tracking and progress monitoring
6. Quality assurance & finalisation
- Transfer of all results to the organisation
- Final presentation and handover
ISMS and NIS 2 on the home straight:
The endurance sport of information security
We discussed the entire path of an ISMS project in the podcast episode "ISMS and NIS 2 on the home straight: The endurance sport of information security". Michael talks to Erik Krüger, Information Security Officer and Consultant at suresecure, about why security is not a sprint but a long-term training process. Instead of quick wins, it takes strategy, discipline and the right rhythm. Erik explains how companies with a functioning ISMS already fulfil most of the NIS 2 requirements, what really matters during implementation, and why motivation and communication are crucial for success.
