Structured implementation of information security and data protection
With our structured ISDP methodology, we create transparency, minimise risks and ensure that information security and data protection requirements are implemented in your organisation in an effective, comprehensive and auditable manner.
ISDP methodology:
- Analysis:
  - Status report: Analysis and determination of the applicable legal basis and internal guidelines regarding information security (including data protection, IT security and information protection)
  - Protection needs analysis:
    - Conducting a protection needs analysis with regard to the protection objectives: confidentiality, integrity, availability and data protection
  - System architecture:
    - System architecture diagram
    - Interfaces, communication matrix
    - Data flows
  - Risk analysis:
    - Conducting a risk analysis based on the system architecture and the information processed therein
    - Identifying security-critical areas that need to be optimised in the five sub-areas of technology, law, personnel, organisation and physical infrastructure
- Development of the ISDP concept:
  - Description of risk treatment measures
  - Development of the following content (may vary):
    - Management summary
    - Protection needs analysis
    - Security-related documents / legal basis
    - System description
    - Risk analysis
    - Security measures
    - Data protection / legal
    - Business continuity (ITSCM)
    - Compliance / review / acceptance of security measures
    - Liquidation
- Implementation of the ISDP concept:
  - Implementation of the measures described in the ISDP concept
- Implementation review:
  - Risk-based review of the implemented measures
  - New risk assessment after measures have been implemented
- Conclusion:
  - Transfer of the ISDP concept into an operating manual
  - Modification of the ISDP concept in the event of changes to the system architecture