The age of digital transformation poses specific challenges for companies in terms of information security. It is crucial to understand that building an ISMS is a continuous process: it needs investment in technology and must be implemented and improved continuously.
With the help of Infopulse Standards Compliance Manager (GS Tool alternative), you will follow a clearly mapped and easy-to-run path to set up an ISMS based on the methodology of Standards 200-1, 200-2, and 200-3 developed by the Federal Office of Information Security (Germany).
Challenges a company may face while setting up an ISMS:
- Top management commitment and support;
- Raising awareness and security culture;
- Resourcing ISMS implementation (train, recruit, procure);
- Systematic development of an ISMS process;
- Continual improvement of ISMS;
- Certification procedures.
Infopulse SCM, as an automated solution, fully supports the IT-Grundschutz workflow and requirements for building an ISMS. SCM Bot “Helga” significantly simplifies the onboarding process and initial steps, as well as all compliance-related routine tasks, i.e., receiving notifications, tracking changes in the concepts, and generating reports on time. The main aim of SCM is to save time and resources during the implementation stage by providing a single platform for data consolidation and effective task management.
BSI IT-Grundschutz in Practice: Holistic Concept to ISMS
With Infopulse SCM and the pre-integrated IT-Grundschutz Compendium, structured in ten layers, you will be able to establish a comprehensive framework for an ISMS that can be scaled to your organization’s needs. In the system, you will have access to all requirements and all instructions in the form of building blocks.
Moreover, all Infopulse SCM users will be able to migrate with one click to each new version of the BSI IT-Grundschutz Compendium. They will receive notifications about new updates and changes.
Three Approaches to Building an ISMS Predefined by IT-Grundschutz
The 200 Standards series clearly outlines three directions for planning and building an ISMS: Basic, Core, and Standard protection. Depending on your priorities and expertise in ISMS, you can choose among the three directions of Grundschutz implementation in Infopulse SCM and promptly switch between them:
How Infopulse SCM Assists in Achieving the Compliance with BSI IT-Grundschutz
During this phase in Infopulse SCM, the user will be able to:
- Define an Asset Set and make an inventory check of all your assets or groups of assets;
- Automatically get a hierarchical structure of your asset scope by types of assets and visualize the connections between them;
- Determine protection needs, with automatic inheritance of protection requirements based on the maximum principle (incl. cumulation and distribution effects);
- Use six standard damage scenarios and determine custom ones;
- Define an additional custom protection goal apart from integrity, availability, and confidentiality, e.g., authenticity or industry- or company-specific aims;
- Add additional attributes to your assets with the help of custom fields;
- Work with the scope of the asset in a tree or table view. Use a variety of table options, including the ability to save custom table views and export them in Excel or CSV formats.
In Infopulse SCM, the user will be able to perform:
- Automatic assignment of IT-Grundschutz modules, recommended requirements, and controls based on cross-references;
- Monitoring of the implementation status of defined controls, requirements, assets;
- Bulk copy of the realization status of requirements and controls on other assets;
- Assignment of people responsible for controls and task realization following IT-Grundschutz recommendations;
- Data visualization from different perspectives using various options in a table view (e.g., the list of all IT systems with unimplemented data backup requirements).
Infopulse SCM fully covers the following:
- Qualitative risk analysis according to IT-Grundschutz Standard 200-3, which provides a more straightforward methodology than traditional risk analysis methods;
- Automated risk analysis for assets with high and very high protection requirements;
- Creation of custom threats and threat catalogs using the G0 catalog with 47 elementary threats;
- Choosing an appropriate risk matrix size: 4×4 or 5×5;
- Assigning additional controls to threats and monitoring the status of the threat itself plus connected requirements and controls.
- Standard reports generation (A1-A6) according to IT-Grundschutz;
- Framework for covering industry-specific security standards (B3S) as well as IT-Grundschutz profiles.
Bring your business to the next level of compliance with Infopulse SCM!
Effective and easy-to-use IT security management system based on the latest standards and regulations — from planning and establishing the security concept to certification.