ISM Consulting

Due to the continuous progress of digitalization and the ever-increasing networking of customers and partners in their own processes, the protection of corporate data is becoming more and more important. In 2015, the German Federal Criminal Police Office reported almost 45,800 cases of cybercrime; by 2018, the figure had risen to 87,106 cases, and the number of unreported cases is likely to be much higher. Attack scenarios on companies are becoming more and more complex, and there is also a significant increase in economically and politically motivated crimes. A great deal of money can be made with industrial espionage, spam and phishing.

Purely technical protection, e.g. by firewall systems, is no longer sufficient and has to be accompanied by organisational measures. The security of company data must be considered strategically. The development of an ISMS often poses a great challenge to companies because they lack the know-how within their own ranks. However, without an established ISMS there are incalculable risks for the company values and production processes of your company.

The complexity in information security should be easy to apply at any time. Therefore, we help you as a partner to ensure the greatest possible benefit without neglecting the protective effect or the conformity to standards. In doing so, we are always at your side as a coach and sparring partner.

Our consulting services

Together with you, in this complex environment, we develop individual solutions tailored to your requirements. We support you in setting up an ISMS or in the further development of an already existing system. Of course, we also consider the corresponding interfaces to other management disciplines such as Business Continuity Management, IT Service Continuity Management (ITSCM) and Crisis Management (CM).

In the case of an upcoming certification, as an independent consulting firm we would be happy to help you determine your maturity for certification and, if necessary, find suitable solutions. Our experts and auditors have their finger on the pulse and follow the current trends and requirements in ISM for you according to the current standards (ISO 27001 and BSI IT-Grundschutz). Our experts also provide support in reviewing the requirements for operators of critical infrastructures in connection with the obligation to provide evidence in accordance with §8a para. 3 BSIG as well as secure network operation in accordance with §11 para. 1a EnWG.

ISMS development and implementation

Our qualified experts provide support in the implementation or further development of your ISMS using our process model, which combines all requirements according to ISO 27001 and the modular principle according to BSI IT-Grundschutz.

What is ISM?

Information security is a management system that provides processes for the protection of information, regardless of its type and origin. This includes, among other things, the establishment of an appropriate security organization, the creation of a security concept, the definition of generic security objectives, and the recording, evaluation and mitigation of information risks. In practice, the aim is to prevent or at least reduce the probability of unauthorised or inappropriate access to data or the unlawful use, disclosure, interruption, deletion, falsification, modification, review, recording or devaluation of information. This also includes measures aimed at reducing the negative effects of such incidents.

Information security is the protection of information with the aim of ensuring the maintenance of business operations and minimizing business risks.

What is the aim of ISM?

The main focus of information security is on compliance with the defined security objectives for company data. The best known security objectives are compliance with confidentiality, integrity, availability (continuity) and authenticity of information. However, classic information security risks include not only intentional actions, but also elementary hazards such as fire, water, storm, earthquake or failed software updates.

How can ISM help my company?

Information security incidents often cause extremely large financial and/or reputational damage to the company. The financial damage then very quickly runs into high millions. There are plenty of examples and they can be found in the relevant media. The probability of a security incident occurring can be massively reduced by an established ISMS. But even if you are affected by a security incident, the impact is far less than if your company is caught unprepared.

An established Information Security Management System is an important message to the market. It creates trust among customers, suppliers and other service providers with regard to:

  • Legal compliance

  • Data Protection Act

  • Protection of trade secrets

  • Completion of projects and services within the planned or promised time

What advantages do companies with established ISM have?

  • High security level  

  • Minimizing risks associated with threats and reducing liability risks

  • Reduction of costs through prevention of security incidents 

  • Improvement of the external image towards customers and suppliers as well as in case of due diligence

  • Conformity in the case of requirements vis-à-vis regulators and contractors

Costs

The cost of our support varies greatly from project to project, so we cannot give any specific details here, but we support companies of almost any size, from small businesses to medium-sized and large enterprises. Please contact us and we will find a price range that meets your needs and requirements.

FAQs

What does ISM mean?

Information security is the practice of protecting information by mitigating information risks. As a rule, the aim is to prevent or at least reduce the probability of unauthorised / inappropriate access to data or the unlawful use, disclosure, interruption, deletion, falsification, modification, review, recording or devaluation of information. This also includes measures aimed at reducing the negative effects of such incidents.

Why is ISM important?

Information is one of the most important intangible assets of an organization. Therefore, information must be adequately protected by combining systems, processes and internal controls to ensure the integrity and confidentiality of data and operating procedures within an organization.
 
Basically, information security fulfils four essential functions: it a) enables the secure operation of the applications implemented on the IT systems, b) protects the data collected and used, c) secures the technology assets used and d) protects the operation and functionality of the organisation. Furthermore, information security enables the secure operation of applications implemented on the IT systems of the organisation.

When do we start ISM?

ISM should be implemented regardless of the size of an organisation. Information is one of the most important intangible assets of any organisation and, as with other assets, it is the responsibility of management to protect it appropriately.
 
Protecting information goes beyond simply protecting data with a password. More and more companies are becoming victims of cybercrime. To withstand the growing threat of information leakage, the actual scope of an ISMS should be determined individually. First and foremost, however, trained personnel who monitor the security systems and who sustainably support and promote the topic are of crucial importance.