For information security officers who want to set up a standard-compliant information security management system without complicated Excel applications within a few weeks.
Save valuable time with the risk2value ISMS BSI solution and benefit from a professional, automated tool for your information security management.
Get to know the risk2value ISMS BSI solution in our demo video! You can see some specific application examples live in the tool.
Highlights of the risk2value ISMS
With the risk2value ISMS BSI solution, you bank on state-of-the-art technology to efficiently map your information security management.
The risk2value ISMS BSI solution provides a central view of your assets, BSI security requirements, information security risks, security measures and the fulfillment levels of measures from Annex A, ISO/IEC 27001:2013.
The risk2value ISMS BSI solution supports you every step of the way in evaluating security requirements, information security risks and security measures. This allows you to create comparable evaluations of your company's own risks and measures over multiple periods.
The risk2value ISMS BSI solution offers collaborative capabilities that facilitate teamwork between colleagues and risk owners. They can discuss and clarify questions about information security risks or actions directly in the solution or even invite further users to join the discussion. Each person can access this information at any time in the right place from a central location.
Tap the comprehensive reporting capabilities of the risk2value ISMS BSI solution using predefined reports. The IT-Grundschutz security requirements are mapped in the solution to the measure catalog of Annex A of ISO/IEC 27001:2013 and flow into a printable management report that automatically calculates the fulfillment level of Annex A measures.
With the risk2value ISMS BSI solution, you easily define, fully document, and reliably track all risks and measures as well as the BSI security requirements. Status overviews keep the responsible employees and the original author informed on the current implementation status of these actions.
The dashboard is the central gateway for all users. It provides a clear overview of all tasks in the ISMS process. With the help of interactive controls users can filter and analyze data based on their individual permissions. They can directly open and edit an information security risk or action, for example, with a simple drill-down.
The defined information security management process is run through periodically, which ensures consistent control of the company-specific security requirements. By using the risk2value ISMS solution, critical risks are identified and evaluated at an early stage, suitable risk control measures are taken, and the development of risks is consistently monitored. This protects companies from the impact of threats.
risk2value ISMS BSI solution: The business side
The risk2value standard solution for ISMS (Information Security Management System) was developed based on the IT-Grundschutz compendium and can be used to implement and operate an ISMS. The German Federal Office for Information Security (BSI) designed the IT-Grundschutz so that it can be used in all types of industries. Its recommendations, which cover typical security requirements and dangers, are suitable for companies of all sizes. Thanks to its predefined components and implementation instructions, it is easy to understand and can be used immediately.
In 2021, the BSI republished the IT-Grundschutz compendium as the 2021 edition, which replaced the 2020 edition. As part of the revision, modules (asset types) were renamed or combined and security requirements (controls) were adapted to the state of the art. These changes were incorporated into the risk2value ISMS BSI solution.
The practical experience from numerous implementation projects was decisive for the implementation of the risk2value ISMS BSI solution. Our solution is based on the following basic process:
Create a structure analysis and map your assets.
The individual components of the BSI IT-Grundschutz cover all relevant aspects of information security in typical business processes and applications. They are structured into applications, IT systems, industrial IT, networks and communication, infrastructure, security management, organization and human resources, concept design and approach, detection and reaction as well as operations. You can identify your own assets and assign them to the components contained in the ISMS BSI solution.
A security requirements analysis for your information security goals concerning confidentiality, integrity and availability can be defined for the assets identified in BSI IT-Grundschutz. The objective of the security requirements analysis is to determine how suitable the protection is for the information or information technology that is used.
Conduct a security requirements analysis of your assets.
Evaluate the security requirements of BSI IT-Grundschutz.
The ISMS BSI solution contains the security requirements control catalog from BSI IT-Grundschutz in all three protection levels (basic, standard and higher security requirements) as well as their instructions for designing a security concept. These security requirements are already mapped to the components – and, therefore, the relevant assets – in line with the recommendations in BSI IT-Grundschutz. The measures recommended in the control catalogs are compared here with the measures that have already been implemented in your company and evaluated based on their implementation status. This makes it possible to implement the recommended security requirements accordingly, document variances, and present them transparently for certifications.
If you have not fulfilled the security requirements sufficiently, you can create risks and evaluate them based on their probability of occurrence and impact of damages. The ISMS BSI solution offers a choice of qualitative and quantitative evaluations.
The Elementary Dangers of the BSI IT-Grundschutz, which are contained as a risk catalog in the ISMS BSI solution, are mapped to the applicable security requirements based on BSI recommendations. This enables you to create risks in the right context depending on vulnerabilities and requirements.
Furthermore, you can create, document and track measures based on their implementation levels, costs, requirements as well as any reductions in damages or the probability of their occurrence.
Add and evaluate additional risks and measures.
View automatic calculations of fulfillment levels from Annex A, ISO/IEC 27001:2013.
Since the implementation instructions and design of BSI IT-Grundschutz are very similar to ISO/IEC 27001:2013, you can map the requirements from BSI IT-Grundschutz and the measure catalog from Annex A of the ISO standard in the ISMS BSI solution. Due to this mapping, the solution will automatically calculate the fulfillment level of the measures from Annex A of ISO 27001 following the calculation of the BSI IT-Grundschutz security requirements. This list of the fulfillment level of Annex A is also available as a printable management report.
The fulfillment levels of the respective BSI security requirements are listed by components and, therefore, assigned to their assets. You can view them clearly in the dashboard and navigate them individually. By clicking on a specific implementation status, you can drill into the control assessment and process your evaluations further. You benefit by gaining access to information on the fulfillment or completion levels at any time and creating reports for management or auditors much more easily.
Get an overview with dashboards and reports.