Implementation of an information security management system (ISMS)

The establishment of an information security management system (ISMS) is often a major milestone when an organization aspires to increase the maturity of its security. Several norms and standards, sometimes resulting in a certification, can serve as a guideline for the achievement of this task. The most known among them is the 2700X family of standards, in particular:

• ISO/CEI 27001 : Specification of ISMS requirements, leading to certification
• ISO/CEI 27002 : Code of practice for information security management
• ISO/CEI 27003 : ISMS implementation guidance
• ISO/CEI 27005 : Information security risk management

In the context of the deployment or enhancement of your information security management system (ISMS), immunIT can advise you on the establishment of best practices and help you monitor their implementation throughout the process.

Information security governance

When an organization aims to improve its information security governance in alignment with its business processes, CobiT (Control Objectives for Information and related Technology) is frequently used as a baseline. With its set of indicators, processes and good practices, CobiT is a valuable help for this task. This is why immunIT has selected this framework as a primary tool for its missions related to information security governance.

Risk management / risk assessment

The use of a risk management and assessment process is often a key stage to assess the current security level of an organization. Multiple methodologies can be used with different strengths and weaknesses depending on the context. Consequently, immunIT has made the choice not to limit itself to a single methodology, but to stay flexible in accordance to the needs for each mandate. Each risk analysis will be undertaken with the help of stages that are shared between all methodologies and are integral parts of good risk management practices:

• Establishment of the context
• Identification of assets
• Identification of risks
• Risk analysis
• Risk assessment and prioritization
• Handling of the risks

Business Continuity Planning / Disaster Recovery Plan

To strengthen the resilience of your IT infrastructure against major incidents, it is often paramount to design and implement a Disaster Recovery Plan. immunIT can help you perform this mission in both technical and organizational aspects. If the assessment has to go beyond the sole IT scope, it is important to take business impacts into account. In this context, the establishment of Business Continuity Planning – using a standard such as ISO 22301 – is therefore necessary. immunIT can also participate in this reflection and bring its expertise to help you take the best possible measures to protect your organization.

Drafting and review of policies and procedures

Drafting policies, procedures and user charters is never an easy task. immunIT can participate in the review of existing documents, or help you write new ones that would contribute to your security strategy.