MRMCD2024 Dein ISMS, das unbekannte Wesen

Management systems are critical for both quality and security but need to be properly tailored to organizational needs

About 80% of people working with management systems have no IT expertise, while 20% have technical knowledge (Pareto principle)

Organizations must avoid blindly implementing ISMS (Information Security Management System) without considering their specific context and requirements

Key factors to consider when implementing ISMS:

• Organization size and structure
• Available resources and expertise
• Critical systems and assets
• Compliance requirements

ISMS implementation requires:

• Clear leadership roles (CIO, CISO)
• Proper resource allocation
• Balance between global and local needs
• Regular assessment and updates

Cost considerations must include both direct and indirect costs of implementation and maintenance

Success depends on:

• Tailoring controls to actual risks
• Avoiding excessive complexity
• Ensuring practicality for daily operations
• Building proper governance structures
• Regular evaluation and improvement

Technical controls must be matched with appropriate organizational measures and policies

Focus should be on creating sustainable, long-term security practices rather than just achieving compliance checkmarks