Technical Compliance
An appropriate security level for your ISMS
How do you care for the technical compliance of your certified security management? We show solutions, how to not only comply with them, but also reach economical, and in terms of risks, an appropriate security level and ensure your ISMS remains technically effective in accordance with ISO/IEC 27001:2013. Furthermore, we give you the certainty that you meet all requirements for certification according to DIN ISO/IEC 27001:2015-02. In addition, you can be sure that your implemented security measures are effective.
Conventional audits for ISMS are missing the integrated perspective, since their results do not build on each other. In addition processes (risk-, security-, change-, development- and operational processes), which are the most important element in between the individual ISMS-components, are not considered.
Likewise, the interaction between technical and organizational factors is not considered in island audits.
Our solution consists of an extended Security Assessment, comprising modules to review of:
- ISMS-maturity according to ISO/IEC 27004:2009, ISO/IEC 27007:2011
- Effectiveness of security controls according to ISO/IEC TR 27008:2011
- Process maturity according to CMMI
- The results of this assessment will be prepared in KPIs
Our test method ensures validity and reproducibility of results. The combined use of the above mentioned methods provides in total according to the required standard compliance of Technical Compliance and a significantly increased IT security level.
Your contact person
Andreas Eichmann
Senior account manager
Tel. +49 2173 20363-0
Mail info-at-admeritia.de
Reference projects
- Extended Security Assessment
- Area network operators (power/gas)
- Extended Security Assessment
- Network provider (telecommunication)
- Technical Gap Analysis
- Multiple network operation (power/gas)
Committee work
- ISO IEC JTC1 SC27 (WG3 and WG4)
- ISO
- Mirror committee NA 043-01-27
- DIN
- ISECOM-Board
- ISECOM
Lectures
- Operationalization of a network operator ISMS
- AK IT-SiBe EVU
- Nov 2016
- ISMS Introduction at EVU - Problems and Pitfalls
- AK IT-SiBe EVU
- Jun 2016
- Technical Tests for ICS-systems
- 14. Deutscher IT-Sicherheits-Kongress
- May 2015
- Security Level Monitoring - Monitoring and visualizing security
- BITKOM Security Conference
- Mar 2014
Publications
- Technical Tests for ICS-systems
- 14. German IT Security Congress
- May 2015
- Technical Security Tests for ICS-Anlagen
- SPS IPC Drives Kongress
- Nov 2014