Tag Archive for: ISO27001

Information Security Management Systems (ISMS) – myths and misconceptions

There are several myths and misconceptions surrounding Information Security Management Systems (ISMS) that can lead to incorrect assumptions or inadequate implementations.

In our latest blog article, we would like to briefly introduce some of them:


Myth #1: ISMS is only for large enterprises

It’s a common misconception that an ISMS is only for large enterprises. In fact, organizations of all sizes can benefit from an ISMS, as it helps them become aware of threats, mitigate risks and meet compliance requirements. Regardless of the size of the organization, an effective ISMS addresses information security in all aspects of business operations, which ultimately strengthens overall business success and promotes trust.

Myth #2: ISMS is just a technical matter

There is often a misconception that an ISMS is all about technical measures. However, the primary focus is on information and the processes that handle it. From these, both the technical measures and the organizational ones, such as policies, procedures, training and awareness programs, are derived. In other words, an effective ISMS requires a holistic approach that involves people, processes and technology to ensure and improve the security of information in the organization.

Myth #3: An ISMS is a one-time task

An ISMS is not a one-time task. While it is sometimes assumed that an ISMS can be implemented once and then operated on the side, it is actually a continuous process that requires constant monitoring, review and improvement to keep pace with changing threats and business needs. This process fosters an enduring culture of information security in the organization that is focused on proactive risk mitigation and constant adaptation to new security challenges.

Myth #4: Confor­mance guarantees security

Conformance to standards such as ISO 27001 does not automatically mean that an organization is fully protected. A certificate attests that the management system conforms to the standard within its defined scope, not that the controls derived from it withstand every attack. An ISMS should therefore be viewed as a continuous improvement process that goes beyond mere compliance. It’s about creating awareness of information security throughout the organization, improving the ability to respond to changing threats, and ultimately establishing a sustainable security culture.

Myth #5: ISMS is for marketing purposes only

While sales and marketing departments certainly won’t disagree, an effective ISMS primarily helps organizations mitigate risk, meet compliance requirements, and build trust with customers and partners. Overall, such a system promotes a security-conscious culture and improves business practices.

Would you have known?

By clearing up these myths and misconceptions, organizations can gain a better understanding of how to effectively implement and use an ISMS to protect their information and drive business success.

We at SRC Security Research & Consulting GmbH can actively support you throughout the process, from consulting to certification. Feel free to contact us.

Contact us:
Christoph Sesterhenn

Aspects of Common Criteria Certifications

Aspects of Common Criteria Certifications — Guest lecture at the Vienna University of Technology

Aspects of Common Criteria Certifications — this is the topic of the lecture that the experts of the SRC evaluation body for Common Criteria will give at the Vienna University of Technology. The lecture will take place on 10 May 2019 as part of the course IT Security in Large IT Infrastructures at the Institute of Information Systems Engineering.

Common Criteria in science

With the help of the Common Criteria for Information Technology Security Evaluation (CC), IT products can be evaluated regarding their security according to common, internationally agreed criteria. As an internationally recognised standard, Common Criteria is also of interest to the scientific community. In the German scheme, the evaluation is first carried out by an evaluation body accredited by the German Federal Office for Information Security (BSI). SRC is accredited as such a CC evaluation body. The BSI then reviews the evaluation results and issues the certificate.

Guest lecture for students

The SRC experts will discuss the Aspects of Common Criteria Certifications at first hand. The lecture informs the students about the basic approach to product certifications according to Common Criteria. Infrastructures in the European Union that rely on Common Criteria certification will be highlighted. The formal side, including the responsible certification and recognition bodies, will also be considered. A comparison of Common Criteria with other concepts concludes the lecture: certifications according to the technical guidelines of the BSI, ISO27001 and the criteria of the Payment Card Industry (PCI) will be considered.
