Implementation of IT basic protection/protection requirements analysis
Project duration: 1 year, 1 month
Brief description
Due to the increasingly strict requirements for IT security, the customer has committed to checking its information network in accordance with ISO 27001 on the basis of IT basic protection. Furthermore, any requirements resulting from the second part of the KRITIS directive to implement the IT security law are to be anticipated in this way.
Supplement
The aim of the project is to determine security requirements, evaluate the security level achieved, and identify suitable security measures to be taken. The project does not include certification on the basis of ISO 27001. The method is based on "BSI standard 100-2 IT basic protection method". All the phases described in this standard are carried out individually and applied to the company. The project ends with the creation of an implementation plan and publication of working guidelines for continuous improvement of the newly created ISMS.
Subject description
Ordinance on the Determination of Critical Infrastructures according to the BSI Act (BSI-Kritisverordnung, BSI-KritisV); see https://www.gesetze-im-internet.de/bsi-kritisv/BJNR095800016.html