risk2value GRC Solutions

risk2value ISMS BSI solution

For information security officers who want to set up a standard-compliant information security management system without complicated Excel applications within a few weeks.

Save valuable time with the risk2value ISMS BSI solution and benefit from a professional, automated tool for your information security management.

Get to know the risk2value ISMS BSI solution in our demo video! You can see some specific application examples live in the tool.

Highlights of the risk2value ISMS BSI solution

With the risk2value ISMS BSI solution, you bank on state-of-the-art technology to efficiently map your information security management.

Complete overview

The risk2value ISMS BSI solution provides a central view of your assets, BSI security requirements, information security risks, security measures and the fulfillment levels of measures from Annex A, ISO/IEC 27001:2013.

Comparable evaluation

The risk2value ISMS BSI solution supports you every step of the way in evaluating security requirements, information security risks and security measures. This allows you to create comparable evaluations of your company's own risks and measures over multiple periods.

Flexible collaboration

The risk2value ISMS BSI solution offers collaborative capabilities that facilitate teamwork between colleagues and risk owners. They can discuss and clarify questions about information security risks or actions directly in the solution, or invite further users to join the discussion. Everyone can access this information at any time, in the right place, from one central location.

Predefined reports

Tap the comprehensive reporting capabilities of the risk2value ISMS BSI solution using predefined reports. The IT-Grundschutz security requirements are mapped in the solution to the measure catalog of Annex A of ISO/IEC 27001:2013 and flow into a printable management report that automatically calculates the fulfillment level of Annex A measures.

Automated tracking

With the risk2value ISMS BSI solution, you easily define, fully document, and reliably track all risks and measures as well as the BSI security requirements. Status overviews keep the responsible employees and the original author informed on the current implementation status of these actions.

Interactive dashboards

The dashboard is the central gateway for all users. It provides a clear overview of all tasks in the ISMS process. With the help of interactive controls users can filter and analyze data based on their individual permissions. They can directly open and edit an information security risk or action, for example, with a simple drill-down.

1

Identification

Information and the associated security requirements are identified. Carrying out a methodical assessment of the risks associated with the organization's information assets requires an analysis of the threats to the information resources, the vulnerabilities to a threat and its likelihood, and the potential impact of an incident.

2

Assessment

Managing information security risks requires a suitable method for risk assessment and treatment. The results of the assessment help in making appropriate decisions on implementing measures, support the setting of priorities for managing information security risks, and guide the implementation of the corresponding security controls.

3

Control

Suitable controls must be selected and implemented to ensure that information security risks are reduced to a level acceptable to the organization. The controls can be selected from ISO/IEC 27002, from other relevant control sets, or from new controls that are tailored to specific needs where appropriate.

4

Monitoring

An organization must maintain and improve an ISMS by monitoring and evaluating its effectiveness with regard to company policy and objectives, and by submitting the results to management for review. This review of the ISMS enables the validation, verification and traceability of corrective, preventive and improvement actions based on the existing records and controls.

5

Reporting

An organization must submit the results to management for review. This ISMS review makes it possible to demonstrate validation, verification and improvement actions that are based on the records of the monitored areas and have been approved by management.

The defined information security management process is run through periodically, which ensures consistent control of the company-specific security requirements. By using the risk2value ISMS Solution, critical risks are identified and assessed at an early stage, suitable risk control measures are taken, and risk development is monitored consistently. This protects companies from the effects of threats.

risk2value ISMS BSI solution: The business side

The risk2value standard solution for ISMS (Information Security Management System) was developed based on the IT-Grundschutz compendium and can be used to implement and operate an ISMS. The German Federal Office for Information Security (BSI) designed the IT-Grundschutz so that it can be used in all types of industries. Its recommendations, which cover typical security requirements and dangers, are suitable for companies of all sizes. Thanks to its predefined components and implementation instructions, it is easy to understand and can be used immediately.

In 2021, the BSI re-published the IT-Grundschutz compendium in the 2021 edition. This replaced the 2020 edition. As part of the revision, modules (asset types) were renamed or combined and security requirements (controls) were adapted to the state of the art. These changes were incorporated into the risk2value ISMS BSI solution.

The practical experience from numerous implementation projects was decisive for the implementation of the risk2value ISMS BSI solution. Our solution is based on the following basic process:

Create a structure analysis and map your assets.

The individual components of the BSI IT-Grundschutz cover all relevant aspects of information security in typical business processes and applications. They are structured into applications, IT systems, industrial IT, networks and communication, infrastructure, security management, organization and human resources, concept design and approach, detection and reaction as well as operations. You can identify your own assets and assign them to the components contained in the ISMS BSI solution.  

 

A security requirements analysis for your information security goals concerning confidentiality, integrity and availability can be defined for the assets identified in BSI IT-Grundschutz. The objective of the security requirements analysis is to determine how suitable the protection is for the information or information technology that is used.

 

Conduct a security requirements analysis of your assets.

Evaluate the security requirements of BSI IT-Grundschutz.

The ISMS BSI solution contains the security requirements control catalog from BSI IT-Grundschutz in all three protection levels (basic, standard and higher security requirements) as well as their instructions for designing a security concept. These security requirements are already mapped to the components – and, therefore, the relevant assets – in line with the recommendations in BSI IT-Grundschutz. The measures recommended in the control catalogs are compared here with the measures that have already been implemented in your company and evaluated based on their implementation status. This makes it possible to implement the recommended security requirements accordingly, document variances, and present them transparently for certifications.

 

If you have not fulfilled the security requirements sufficiently, you can create risks and evaluate them based on their probability of occurrence and impact of damages. The ISMS BSI solution offers a choice of qualitative and quantitative evaluations.  

The Elementary Dangers of the BSI IT-Grundschutz, which are contained as a risk catalog in the ISMS BSI solution, are mapped to the applicable security requirements based on BSI recommendations. This enables you to create risks in the right context depending on vulnerabilities and requirements.

Furthermore, you can create, document and track measures based on their implementation levels, costs, requirements as well as any reductions in damages or the probability of their occurrence.  

Add and evaluate additional risks and measures.

View automatic calculations of fulfillment levels from Annex A, ISO/IEC 27001:2013.

Since the implementation instructions and design of BSI IT-Grundschutz are very similar to ISO/IEC 27001:2013, you can map the requirements from BSI IT-Grundschutz and the measure catalog from Annex A of the ISO standard in the ISMS BSI solution. Due to this mapping, the solution will automatically calculate the fulfillment level of the measures from Annex A of ISO 27001 following the calculation of the BSI IT-Grundschutz security requirements. This list of the fulfillment level of Annex A is also available as a printable management report.

 

The fulfillment levels of the respective BSI security requirements are listed by components and, therefore, assigned to their assets. You can view them clearly in the dashboard and navigate them individually. By clicking on a specific implementation status, you can drill into the control assessment and process your evaluations further. You benefit by gaining access to information on the fulfillment or completion levels at any time and creating reports for management or auditors much more easily. 

 

Get an overview with dashboards and reports.


    Any questions?
    We'd be happy to assist!

    Daniel Szamosvari

    Sales Specialist & Account Manager