If you want to be on the road safely, you have to keep your equipment in good shape. That applies to a car, a company and, of course, an airplane. The pre-flight check is due before each flight: Pilots and mechanics use up to an hour for this visual inspection. In addition, tyres and brakes are checked at the ramp check on every flight day. There are also weekly service checks and more extensive maintenance work after a certain number of flight hours. And no skydiver jumps without having checked his equipment several times beforehand.
Why do I write this? Because we have found that many entrepreneurs often do not understand security as a process. “We have an expensive firewall and an antivirus that makes updates every day,” it says. That should be enough. We also repeatedly encounter the attitude that when problems arise, it is not talked about the general security, but rather about rectifying the individual incident. And then it is often solved with an ad hoc solution that is either not integrated into the IT structure or only eliminates the symptom. If only one audio channel works in the entertainment system, one can either check and repair the entire entertainment system or distribute mono headphones.
A company that works with compromises will sooner or later have to deal with a real image damage. And this in the best case. The loss of customers and sales is threatening.
IT security must also be a process because the world is changing. What is safe today may become the gateway for a virus tomorrow. With a long-term, i.e. sustainable strategy, in which all components of a company are integrated, you will definitely work safer, longer and more comfortably. For this process, the ISMS is a comprehensive and standardised management system with defined rules and processes for the definition, control, monitoring, maintenance and optimisation of information security. The international standard is defined by the ISO27001 standard.