Information systems are not conceivable
without security features any more.
This topic is about protection from threats concerning confidentiality, integrity and availability of information and services. IT-security management tries to protect business processes of organisations that are realised with the help of information technology (IT) systematically against intended attacks and unintended events. Significant methods therefore are the development of security models and concepts, of security infrastructure and risk analysis and management.
The base for the identification and accomplishment of risks concerning information security is offered by an information security management system (ISMS) that is based on and certificated according to ISO 27001. The purpose is to integrate information security in the management and organisation system of a company based on accepted principles.
The ISO/IEC (International Standard Organisation/International Electrotechnical Commission) 27001:2005 has been developed based on the British standard BS 7799-2 and was first published as international standard on 15th October 2005. The standard specifies the requirements for the production, implementation, handling, controlling, maintenance and improvement of a documented management system for information security in consideration of risks within the whole organisation.
Services of KEC:
- Analysis of the existing IT in the company,
- Support for the implementation and improvement of information security,
- Support for the implementation of information security management systems (ISMS),
- Development of security aims and measures according to ISO 27001:2005,
- Preparation for a possible certification.
BACK • TO THE TOP