On 8 Dec 2019
Are you planning to implement an ISMS in your organization? Don’t forget to consider these two key success factors…
Amir Salkic is an ISO/IEC 27001 Lead Implementer for the SEC Consult Group, located in Vienna. He successfully advises companies in the DACH region on the implementation of a customized ISMS in accordance with ISO/IEC 27001. His vast experience allows him and his team to roll out an ISMS in 6-12 months (in SMEs) or in 12-24 months (in large companies).
Salkic has identified two key success factors:
- You need the right expectations. An ISMS is not an IT topic! The ISMS topic usually ends up very quickly in the IT department, but it does not belong there. In fact, at the beginning of the ISMS implementation, we deal with issues such as document control, roles and responsibilities, defining security goals, and so on. Why does the ISMS end up in the IT department? Because many of the security measures that result at the end of the ISMS process are IT measures. Naturally, these IT measures must be implemented by IT.
- You need the will to change. You want to implement an ISMS, but nothing should change? This will not work! The ISMS intervenes in existing processes. These processes very often have to be adapted. Likewise, new processes must be created and implemented. So it is an organizational development.
Why your Information Security Risk Management is doomed.
Stand out from the crowd by defining the term “risk” for yourself. Do better than many others by reading this article (on LinkedIn, in German).
Why are companies struggling with the definition of the ISO / IEC 27001 scope?
Why are companies building ISMS silos?
Why are companies struggling with the confidentiality classes?
More tips for the ISO 27001 implementation
In addition to information security process consulting, you will gain access to 150+ technical security consultants from the SEC Consult team, who assist you with the implementation of technical security measures. Services include:
- Development of Security Strategies / Cyber Security Strategy
- Gap analysis to ISO/IEC 27001
- Construction and implementation of information security governance
- Setup and implementation of Information Security Risk Management
- Planning and execution of asset criticality assessments, information security risk assessments and information security risk treatments
- Creation of Information Security Policies and Standards
- Planning and implementation of information security awareness training
- Information Security Compliance on special topics such as requirements of ISA VDA / TISAX or ECB / FMA
- Rent a CISO
Which project goals do you want to achieve? Amir Salkic and his team are looking forward to your inquiry at firstname.lastname@example.org.