An information security management system based on ISO/IEC 27000 covers the introduction, realization, operation, monitoring, maintenance and improvement of the protection of information assets, handling risks on the basis of a risk assessment and against the background of the individual business goals.
In this area, ecsec GmbH supports customers in the creation and maintenance of policies and guidelines, the selection of measures to be taken and the implementation of auditing and control mechanisms for the organization-wide management of information security. In particular, this covers
the creation of information security policies and guidelines and the setup of efficient security organizations,
the execution of security analyses, audits and evaluations,
the introduction of secure software development processes,
the introduction or optimization of information security or risk management practices,
the creation, implementation and auditing of security concepts,
the creation and implementation of change management processes and operational guidelines,
the introduction or optimization of business continuity management and contingency planning and
the introduction of role models and means for enterprise rights management.