risk2value GRC Solutions

risk2value ISMS solution

Highlights of the risk2value ISMS solution

  • Track security actions automatically.
  • Evaluate your risks in line with ISO 27005 standards.
  • Gain complete transparency of correlations among assets, risks, controls, actions and audit findings.

Save valuable time with the risk2value ERM Solution and benefit from a professional, automated tool

With the risk2value ISMS solution, you bank on state-of-the-art technology to efficiently map your information security management.

Full transparency

Transparency is the prerequisite for information security. The risk2value ISMS solution provides a central view of your assets, information security risks, security actions and audit findings. This helps you efficiently protect critical assets, quickly recognize control gaps and respond accordingly.

Standardized evaluations

The risk2value ISMS solution supports you throughout each step of the risk management process. You can enter, evaluate, and control information security risks in line with the requirements from ISO/IEC 27001:2013, which are supplemented by international ISO/IEC 27005:2011 standards.

Flexible collaboration

The risk2value ISMS solution offers collaborative capabilities that facilitate teamwork between colleagues and risk owners. They can discuss and clarify questions about information security risks or actions directly in the solution or even invite further users to join the discussion. Each person can access this information at any time in the right place from a central location.

Predefined reports

Use the comprehensive reporting capabilities including predefined reports in the risk2value ISMS solution. With just a click, you automatically export individual risks to a PDF file containing a complete report on the individual risk, the respective actions, organizational units and risk catalogs.

Automated tracking

With the risk2value ISMS solution, you easily define, fully document, and reliably track all security measures. Status overviews keep the responsible employees and the original author informed on the current implementation status of these actions.

Interactive dashboards

The dashboard is the central gateway for all users. It provides a clear overview of all tasks in the ISMS process. With the help of interactive controls users can filter and analyze data based on their individual permissions. They can directly open and edit an information security risk or action, for example, with a simple drill-down.

1. Identification

The information and the associated security requirements are identified. Conducting a methodical assessment of the risks associated with the organization's information assets requires an analysis of the threats to the information resources, the vulnerabilities to a threat and its likelihood, as well as the potential impact of an incident.

2. Evaluation

Managing information security risks requires a suitable method for risk assessment and treatment. The results of the assessment help to make appropriate decisions on implementing actions, support the setting of priorities for managing information security risks, and steer the implementation of the corresponding security controls.

3. Control

Suitable controls must be selected and implemented to ensure that information security risks are reduced to a level that is acceptable to the organization. The controls can be selected from ISO/IEC 27002, from other relevant control sets, or from new controls that are tailored to specific needs where appropriate.

4. Monitoring

An organization must maintain and improve an ISMS by monitoring and evaluating its effectiveness with regard to corporate policy and objectives, and by submitting the results to management for review. This review of the ISMS enables the validation, verification and traceability of corrective, preventive and improvement actions based on the existing records and controls.

5. Reporting

An organization must submit the results to management for review. This ISMS review provides evidence of validation, verification and improvement actions that are based on the records of the monitored areas and have been approved by management.

The defined information security management process is run periodically, which ensures consistent management of company-specific security requirements. By using the risk2value ISMS solution, critical risks are identified and evaluated at an early stage, suitable actions for managing risks are taken, and the development of risks is consistently monitored. This protects companies from the impact of threats.

risk2value ISMS solution: The business side

An information security management system (ISMS) is a collection of methods and rules to define, manage, control, maintain and continually improve the information security within the company. Its objective is to protect information of all kinds and origins – including information on paper or in the minds of employees.

The risk2value ISMS solution taps the hands-on experience that avedos employees have gained in various implementation projects. Our solution follows this basic approach:

Identify assets that should be protected.

The first step is to identify which assets and information need to be protected. The risk2value ISMS solution provides functions to create an asset inventory, categorize assets, and map the entire corporate structure.

Define the security requirements for information and processes.

In alignment with the security requirements analysis, users then define the need for protecting information and processes with regard to confidentiality, integrity and availability in the risk2value ISMS solution. This includes a closer examination of how far business processes are affected if the basic values of trust, integrity, availability and authenticity of an object are damaged.

Conduct risk assessments.

risk2value supports the management of information security risks in line with ISO 27005 and contains suitable methods to analyze, evaluate and handle risks in line with these standards. During the risk assessment, users evaluate the extent to which the company’s information security protection goals are endangered and the probability that such an incident will occur. Based on the respective threat level of the security goals and the respective results from the security requirements analysis, companies can create risk values for the security goals of the asset.

Run the control assessment.

The control assessment in the risk2value ISMS solution is based on ISO/IEC 27001:2013 Annex A. It can, however, be extended with other control records as needed. To ensure that the same content only has to be evaluated once, several control catalogs can be linked together. The actual-target maturity for the controls can be calculated based on a risk-control mapping and compared to the evaluation of the actual maturity in the control assessment. The individual and remaining risks as well as the necessary actions to fulfill standards can be derived from this information.

Ensure robust results in risk assessments.

Based on the results of the information security risk management, the value assessment of assets and company-specific security requirements, individual risks can be identified and assigned to the respective risk owner. Afterwards, suitable actions to manage risks can be created and mapped in the risk2value ISMS solution. The process can be repeated on a regular basis to respond to possible changes in organizational goals and strategies, security requirements and assets.

Improve and monitor the process.

The steps of this entire information security management process run as a continuous loop to foster ongoing process optimization. Any security gaps caused by changes in risks, business goals and corporate strategies can be thwarted accordingly. The risk2value ISMS solution ensures that the ISMS remains effective and up to date throughout the organization and can be submitted to management for further examination.

Any questions?
We'd be happy to assist!

Marco Moretti

Sales & New Business