Data protection and information security are based on a neutral risk analysis (ISO/IEC 27001/2)
A weak spot is only a problem if it can be exploited by hackers. Do you know yours?
Risk analysis includes the identification and correlation of risks, the analysis of their causes together with their probability of occurrence and frequency, the evaluation of risks, and the determination of appropriate organizational and technical measures to mitigate them.
It can be regarded as a cause-and-effect relationship: the causes indicate the probability of occurrence, and the impact indicates the consequences of a risk for the company.
The steps in detail:
1. Identification, analysis and evaluation of risks and dangers in data protection and information security.
2. Top management decides on data protection and information security objectives and develops the strategy, guidelines, and data protection and information security management.
3. Definition of appropriate security measures to achieve the defined objectives.
4. Implemented measures are regularly reviewed to confirm that they are still up to date, and their implementation is checked. Findings from these review and control processes must be fed back into the procedure.
This creates a continuous cycle that leads to a functional and appropriate information security management system. Within the framework of the PDCA cycle (Plan-Do-Check-Act) and a regular audit, continuous improvement of information security is ensured.
We actively support you throughout all phases of the overall process or, if desired, only in selected subphases.
Our online test helps you get your bearings in implementing the GDPR.
Make an appointment with us.