• CONSULTING
    • Strategy and business processes
      • Strategic planning and management of the implementation of the strategic plan
      • Business process management – identification, modeling and improvement of business processes
      • Designing a modern IT organization and managing human resource efficiency
      • Project management
    • Digital transformation through Data Management
      • Establish a Data Governance framework and develop a data management strategy
      • Data quality management
      • Data security management
      • Master and metadata management
      • Preparations for the implementation of BI and Big data solutions
      • Estimates of data management maturity
      • Documentation and content management
      • Establish organizations for successful data management and digital transformation
    • Risks and compliances
      • Business risk management (ISO 31000, etc.)
      • Compliance management in business systems
      • Harmonization of operations in majority state-owned companies (Decision of the Government of the Republic of Croatia OG 99/19)
      • Management of the protection of whistleblowers (46/22 OG and ISO 37002)
      • Anti-corruption system management (ISO 37001)
      • Privacy management (ISO 29100)
      • Electronic identification and trust services in accordance with the eIDAS Regulation
    • Information security, Cyber security and business continuity
      • Corporate information security
      • Information security risk management
      • Information security systems management
      • Business continuity management
      • Cyber security management
      • Incident management, disaster recovery
      • Alignment with the EU regulation 2016/1148, the law and the regulation on cyber security
    • Quality, environment protection and energy efficiency
      • Implementation and evaluation of quality management system (ISO 9001, ISO 15017, etc.)
      • Implementation and assessment of environmental management system (ISO 14001)
      • Implementation and evaluation of energy efficiency management system (ISO 50001)
      • Implementation and evaluation of occupational health and safety management systems (ISO 45001)
    • IT Governance & IT Management
      • Design of ICT Governance & ICT Management systems
      • Development of a new IT strategy
      • Designing a modern IT organization and managing human resource efficiency
      • Management and supervision of IT projects
      • Information system development, verification, validation and testing services
      • Development of technical specifications for the development of information systems
      • Information systems audit
    • IT services
      • Managing IT services
      • Implementation of IT service management system (ISO 20000)
      • ITIL & managing IT services
    • EU projects
      • Identify opportunities for financial support and select the best source of funding
      • Preparation of project application in accordance with EU guidelines
      • EU project management
  • EDUCATIONS
    • Education calendar
  • e-learning
  • ABOUT US
    • Partners
    • ZIH team
    • ZIH’s Authorities
    • Reference list
  • NEWS
  • BLOG
  • CONTACT
Menu
  • CONSULTING
    • Strategy and business processes
      • Strategic planning and management of the implementation of the strategic plan
      • Business process management – identification, modeling and improvement of business processes
      • Designing a modern IT organization and managing human resource efficiency
      • Project management
    • Digital transformation through Data Management
      • Establish a Data Governance framework and develop a data management strategy
      • Data quality management
      • Data security management
      • Master and metadata management
      • Preparations for the implementation of BI and Big data solutions
      • Estimates of data management maturity
      • Documentation and content management
      • Establish organizations for successful data management and digital transformation
    • Risks and compliances
      • Business risk management (ISO 31000, etc.)
      • Compliance management in business systems
      • Harmonization of operations in majority state-owned companies (Decision of the Government of the Republic of Croatia OG 99/19)
      • Management of the protection of whistleblowers (46/22 OG and ISO 37002)
      • Anti-corruption system management (ISO 37001)
      • Privacy management (ISO 29100)
      • Electronic identification and trust services in accordance with the eIDAS Regulation
    • Information security, Cyber security and business continuity
      • Corporate information security
      • Information security risk management
      • Information security systems management
      • Business continuity management
      • Cyber security management
      • Incident management, disaster recovery
      • Alignment with the EU regulation 2016/1148, the law and the regulation on cyber security
    • Quality, environment protection and energy efficiency
      • Implementation and evaluation of quality management system (ISO 9001, ISO 15017, etc.)
      • Implementation and assessment of environmental management system (ISO 14001)
      • Implementation and evaluation of energy efficiency management system (ISO 50001)
      • Implementation and evaluation of occupational health and safety management systems (ISO 45001)
    • IT Governance & IT Management
      • Design of ICT Governance & ICT Management systems
      • Development of a new IT strategy
      • Designing a modern IT organization and managing human resource efficiency
      • Management and supervision of IT projects
      • Information system development, verification, validation and testing services
      • Development of technical specifications for the development of information systems
      • Information systems audit
    • IT services
      • Managing IT services
      • Implementation of IT service management system (ISO 20000)
      • ITIL & managing IT services
    • EU projects
      • Identify opportunities for financial support and select the best source of funding
      • Preparation of project application in accordance with EU guidelines
      • EU project management
  • EDUCATIONS
    • Education calendar
  • e-learning
  • ABOUT US
    • Partners
    • ZIH team
    • ZIH’s Authorities
    • Reference list
  • NEWS
  • BLOG
  • CONTACT
Search
EN
  • HR
[ivory-search id="3372" title="Search form laptop"]

HR 

  • KONZALTING
    • Strategija i poslovni procesi
      • Strateško planiranje i upravljanje implementacijom strateškog plana
      • Upravljanje poslovnim procesima – identifikacija, modeliranje i unapređenje poslovnih procesa
      • Izrada nove organizacije te upravljanje razvojem karijere i radnim učincima djelatnika
      • Upravljanje projektima
    • Digitalna transformacija kroz upravljanje podacima
      • Uspostava Data Governance okvira i izrada strategije upravljanja podacima
      • Upravljanje kvalitetom podataka
      • Upravljanje sigurnošću podataka
      • Upravljanje matičnim i meta podacima
      • Pripreme za implementaciju rješenja za BI i Big data
      • Procjena zrelosti upravljanja podacima
      • Upravljanje dokumentacijom i sadržajem
      • Uspostava organizacije za uspješno upravljanje podacima i digitalnu transformaciju
    • Rizici i usklađenosti
      • GDPR/Upravljanje zaštitom privatnosti
      • Uspostava CMS-a(Compliance Management System) kao dio digitaliziranog sustava upravljanja cijelim poslovnim sustavom
      • Zaštita prijavitelja nepravilnosti
      • Elektronička identifikacija i usluge povjerenja u skladu s eIDAS Uredbom
      • Upravljanje antikorupcijskim sustavom (ISO 37001)
      • Upravljanje poslovnim rizicima
      • Uspostava CMS-a (Compliance Management System) kao pokretača implementacije drugih sustava upravljanja i integracije
      • Uspostava CMS-a (Compliance Management System) kao samostalnog sustava
    • Informacijska sigurnost, kibernetička sigurnost i kontinuitet poslovanja
      • Korporativna informacijska sigurnost
      • Upravljanje rizicima informacijske sigurnosti
      • Upravljanje sustavima informacijske sigurnosti
      • Upravljanje kontinuitetom poslovanja
      • Upravljanje kibernetičkom sigurnošću
      • Upravljanje incidentima, oporavak od katastrofe
      • Usklađivanje s eu uredbom 2016/1148, zakonom i uredbom o kibernetičkoj sigurnosti
    • Kvaliteta, zaštita okoliša i energetska učinkovitost
      • Implementacija i procjena sustava upravljanja kvalitetom (ISO 9001, ISO 15017 i dr.)
      • Implementacija i procjena sustava upravljanja zaštitom okoliša (ISO 14001)
      • Implementacija i procjena sustava upravljanja energetskom učinkovitosti (ISO 50001)
      • Implementacija i procjena sustava upravljanja zdravljem i zaštitom na radu (ISO 45001)
    • IT Governance & IT Management
      • Oblikovanje ICT Governance & ICT Management sustava
      • Razvoj nove IT strategije
      • Oblikovanje suvremene IT organizacije i upravljanje učinkovitošću ljudskih resursa
      • Upravljanje i nadzor IT projekata
      • Usluge u razvoju, verifikaciji, validaciji i testiranju informacijskih sustava
      • Izrada tehničkih specifikacija za razvoj informacijskih sustava
      • Revizija informacijskih sustava
    • IT usluge
      • Upravljanje IT uslugama
      • Primjena norme ISO 20000 u upravljanju IT uslugama
      • ITIL i upravljanje IT uslugama
    • EU projekti
      • Identifikacija mogućnosti dobivanja financijske potpore i odabir najboljeg izvora financiranja
      • Izrada projektne prijave u skladu s EU smjernicama
      • Vođenje EU projekata
  • EDUKACIJE
    • Kalendar edukacija
    • Seminari u ožujku i travnju!
  • e-learning
  • O NAMA
    • Partneri
    • Tim ZIH-a
    • Ovlaštenja ZIH-a
    • Referentna lista
  • NOVOSTI
  • BLOG
  • KONTAKT
Menu
  • KONZALTING
    • Strategija i poslovni procesi
      • Strateško planiranje i upravljanje implementacijom strateškog plana
      • Upravljanje poslovnim procesima – identifikacija, modeliranje i unapređenje poslovnih procesa
      • Izrada nove organizacije te upravljanje razvojem karijere i radnim učincima djelatnika
      • Upravljanje projektima
    • Digitalna transformacija kroz upravljanje podacima
      • Uspostava Data Governance okvira i izrada strategije upravljanja podacima
      • Upravljanje kvalitetom podataka
      • Upravljanje sigurnošću podataka
      • Upravljanje matičnim i meta podacima
      • Pripreme za implementaciju rješenja za BI i Big data
      • Procjena zrelosti upravljanja podacima
      • Upravljanje dokumentacijom i sadržajem
      • Uspostava organizacije za uspješno upravljanje podacima i digitalnu transformaciju
    • Rizici i usklađenosti
      • GDPR/Upravljanje zaštitom privatnosti
      • Uspostava CMS-a(Compliance Management System) kao dio digitaliziranog sustava upravljanja cijelim poslovnim sustavom
      • Zaštita prijavitelja nepravilnosti
      • Elektronička identifikacija i usluge povjerenja u skladu s eIDAS Uredbom
      • Upravljanje antikorupcijskim sustavom (ISO 37001)
      • Upravljanje poslovnim rizicima
      • Uspostava CMS-a (Compliance Management System) kao pokretača implementacije drugih sustava upravljanja i integracije
      • Uspostava CMS-a (Compliance Management System) kao samostalnog sustava
    • Informacijska sigurnost, kibernetička sigurnost i kontinuitet poslovanja
      • Korporativna informacijska sigurnost
      • Upravljanje rizicima informacijske sigurnosti
      • Upravljanje sustavima informacijske sigurnosti
      • Upravljanje kontinuitetom poslovanja
      • Upravljanje kibernetičkom sigurnošću
      • Upravljanje incidentima, oporavak od katastrofe
      • Usklađivanje s eu uredbom 2016/1148, zakonom i uredbom o kibernetičkoj sigurnosti
    • Kvaliteta, zaštita okoliša i energetska učinkovitost
      • Implementacija i procjena sustava upravljanja kvalitetom (ISO 9001, ISO 15017 i dr.)
      • Implementacija i procjena sustava upravljanja zaštitom okoliša (ISO 14001)
      • Implementacija i procjena sustava upravljanja energetskom učinkovitosti (ISO 50001)
      • Implementacija i procjena sustava upravljanja zdravljem i zaštitom na radu (ISO 45001)
    • IT Governance & IT Management
      • Oblikovanje ICT Governance & ICT Management sustava
      • Razvoj nove IT strategije
      • Oblikovanje suvremene IT organizacije i upravljanje učinkovitošću ljudskih resursa
      • Upravljanje i nadzor IT projekata
      • Usluge u razvoju, verifikaciji, validaciji i testiranju informacijskih sustava
      • Izrada tehničkih specifikacija za razvoj informacijskih sustava
      • Revizija informacijskih sustava
    • IT usluge
      • Upravljanje IT uslugama
      • Primjena norme ISO 20000 u upravljanju IT uslugama
      • ITIL i upravljanje IT uslugama
    • EU projekti
      • Identifikacija mogućnosti dobivanja financijske potpore i odabir najboljeg izvora financiranja
      • Izrada projektne prijave u skladu s EU smjernicama
      • Vođenje EU projekata
  • EDUKACIJE
    • Kalendar edukacija
    • Seminari u ožujku i travnju!
  • e-learning
  • O NAMA
    • Partneri
    • Tim ZIH-a
    • Ovlaštenja ZIH-a
    • Referentna lista
  • NOVOSTI
  • BLOG
  • KONTAKT
Menu
  • Konzalting
    • Strategija i poslovni procesi
      • Strateško planiranje i upravljanje implementacijom strateškog plana
      • Upravljanje poslovnim procesima – identifikacija, modeliranje i unapređenje poslovnih procesa
      • Izrada nove organizacije te upravljanje razvojem karijere i radnim učincima djelatnika
      • Upravljanje projektima
    • Digitalna transformacija kroz upravljanje podacima
      • Uspostava Data Governance okvira i izrada strategije upravljanja podacima
      • Upravljanje kvalitetom podataka
      • Upravljanje sigurnošću podataka
      • Upravljanje matičnim i meta podacima
      • Pripreme za implementaciju rješenja za BI i Big data
      • Procjena zrelosti upravljanja podacima
      • Upravljanje dokumentacijom i sadržajem
      • Uspostava organizacije za uspješno upravljanje podacima i digitalnu transformaciju
    • Rizici i usklađenosti
      • GDPR/Upravljanje zaštitom privatnosti
      • Uspostava CMS-a(Compliance Management System) kao dio digitaliziranog sustava upravljanja cijelim poslovnim sustavom
      • Zaštita prijavitelja nepravilnosti
      • Elektronička identifikacija i usluge povjerenja u skladu s eIDAS Uredbom
      • Upravljanje antikorupcijskim sustavom (ISO 37001)
      • Upravljanje poslovnim rizicima
      • Uspostava CMS-a (Compliance Management System) kao pokretača implementacije drugih sustava upravljanja i integracije
      • Uspostava CMS-a (Compliance Management System) kao samostalnog sustava
    • Informacijska sigurnost, kibernetička sigurnost i kontinuitet poslovanja
      • Korporativna informacijska sigurnost
      • Upravljanje rizicima informacijske sigurnosti
      • Upravljanje sustavima informacijske sigurnosti
      • Upravljanje kontinuitetom poslovanja
      • Upravljanje kibernetičkom sigurnošću
      • Upravljanje incidentima, oporavak od katastrofe
      • Usklađivanje s eu uredbom 2016/1148, zakonom i uredbom o kibernetičkoj sigurnosti
    • Kvaliteta, zaštita okoliša i energetska učinkovitost
      • Implementacija i procjena sustava upravljanja kvalitetom (ISO 9001, ISO 15017 i dr.)
      • Implementacija i procjena sustava upravljanja zaštitom okoliša (ISO 14001)
      • Implementacija i procjena sustava upravljanja energetskom učinkovitosti (ISO 50001)
      • Implementacija i procjena sustava upravljanja zdravljem i zaštitom na radu (ISO 45001)
    • IT Governance & IT Management
      • Oblikovanje ICT Governance & ICT Management sustava
      • Razvoj nove IT strategije
      • Oblikovanje suvremene IT organizacije i upravljanje učinkovitošću ljudskih resursa
      • Upravljanje i nadzor IT projekata
      • Usluge u razvoju, verifikaciji, validaciji i testiranju informacijskih sustava
      • Izrada tehničkih specifikacija za razvoj informacijskih sustava
      • Revizija informacijskih sustava
    • IT usluge
      • Upravljanje IT uslugama
      • Primjena norme ISO 20000 u upravljanju IT uslugama
      • ITIL i upravljanje IT uslugama
    • EU projekti
      • Identifikacija mogućnosti dobivanja financijske potpore i odabir najboljeg izvora financiranja
      • Izrada projektne prijave u skladu s EU smjernicama
      • Vođenje EU projekata
  • Edukacije
    • Kalendar edukacija
    • Seminari u ožujku i travnju!
  • e-learning
  • O nama
    • Partneri
    • Tim ZIH-a
    • Ovlaštenja ZIH-a
    • Referentna lista
  • Novosti
  • Blog
  • Kontakt
  • En
    • Hr

Homepage > Consulting > Information security, Cyber security and business continuity > Corporate information security

Corporate information security

What is corporate information security?

Information security is a “moving target”, an area that is constantly and rapidly changing. Today, systems based on the application of ISO/IEC 270 xx series standards are on the scene. (ISMS systems) However, practice requires their gradual transformation according to the concept of so–called Information Security Governance. The derivative corporate information Security (KIS) is most commonly used for this original term, which can be misleading at first glance, because it can be associated with information security in large business systems. However, this concept applies equally to small and medium–sized and large business systems. In order to better understand the concept of corporate information security, it is important to recognise the difference between management (management) and management (governance). COBIT defines a clear distinction between these two concepts.
 
Management refers to day–to–day decision–making during the performance of activities within business processes and operations and is the basis for the management of a business or organisational unit. It is based on the implementation of policies and procedures and must ensure that everyone has the necessary conditions to do their job. Information security management is e.g. backup, verification of system records, monitoring of system performance and other day–to–day activities of IT departments. The management plans, installs, manages and supervises activities that comply with the guidelines set by the management body (e.g. the supervisory board) in order to achieve the company‘s objectives.
 
Guidance shall ensure that the needs, conditions and possible options set by stakeholders are well assessed in order to determine the balanced and agreed objectives to be achieved by the company, set guidelines through prioritisation and decision–making, monitor performance and compliance monitoring in relation to the identified objectives and guidelines. Leadership is a set of broader principles, visions and values that determine how a company is directed.
 
In this sense, corporate information security is a system that makes up vision and principles on the basis of which information security processes are directed and controlled. The difference between management (management) and management (governance) of information security is that management consists of a security strategy and decisions taken by management and implemented controls that mitigate risk, while management (governance) sets a liability framework that determines who can make decisions, establishes supervision to ensure that risks are adequately mitigated and controls whether the security strategy is consistent with the company‘s objectives and complies with regulatory requirements.
ISO 27014 describes the link between good governance and efficient information security management as defined in ISO 27001. The principles used for KIS–water are (according to ISO 27014);
 
information security at company level should be integrated and comprehensive;
each decision should be based on accepted risk management policies;
the strategy for acquiring and investing in information security should comply with business requirements;
compliance with legal and regulatory requirements and formal internal policies;
encouraging a positive attitude towards security measures among all stakeholders in view of the human factor;
the adequacy of access to information protection with regard to business support and protection;
 
The focus of the KIS concept is on further development, responsibilities, processes, procedures, documentation and competencies for information security, especially from the point of view of management and executive management (directors).
 
Each of the aforementioned components IS a problem for itself. For example, responsibilities in the KIS make demands design and implementation of processes that achieve the process cycle evaluation – Management – supervision – Communication – ensuring consistency between the management level of the business system and executive management.
 
The main task of information risk management is to meet the security requirements prescribed by a certain standard and harmonised requirements of all stakeholders of the company, with the determination of an acceptable point of relation between investments in security controls and the cost in the event of the occurrence of a security incident or the achievement of a threat.
 
Implementation of the KIS system may be of interest:
 
members of the safety administrations;
corporate security managers;
information security managers;
information security experts
it security auditors/assessors
anyone interested in the field of security and information security
 
The benefits of the company‘s proper implementation of the corporate information security system are primarily reflected in increasing the degree of compliance with regulatory and legal obligations related to the acceptable use of IT and protection of information assets, which reduces the risk of the company and responsible persons being subject to legal proceedings and significant fines. The protection of critical information assets reduces the risk of unauthorised disclosure of information and thus reduces reputational risk, risk of market loss, risk of competitive advantage and risk of financial losses. KIS can also ensure the balance of investment costs in information security and losses due to possible security incidents and thus maximize the efficiency of part of the company‘s investment cycle.

How can ZIH help you?

For each WINTER user, it has an individualised approach depending on its needs. In accordance with this, we organize workshops with management teams and, with the expert guidance of our consultants and the application of world reference recommendations, we help users successfully implement the principles of corporate information security and IT management in their business. Consulting services that we can provide you with:
 
preparation and operation of THE CASH project;
the selection of THE KIS model (ISO 27014, COBIT, SE CMM, CG);
KIS business process design for the evaluation cycle – governance – supervision – Communication – compliance assurance
Determination of THE KIS organisation for E – U – N – K – O cycle
Drafting of a proposal for responsibility for this cycle
Preparation of proposals for necessary procedures
Participation in the implementation of KIS solutions in practice
Participation in verification (auditory)
 
Education in the following field:
 
  • Why and how to operate the corporate information security system?
  • Development and implementation of corporate information security
  • Internal corporate information security audit
  • Corporate information Security (information Security governance)

You may also be interested in these services and trainings:

Education

Why and how to manage information security risks?

Read more

Education

Why and how to manage information security systems (ISO 27001)

Read more

Service

Cyber security management

Read more

Service

Information security systems management

Read more

Zašto ZIH?

ZIH ima više od 20 godina bogatog iskustva u oblikovanja suvremene organizacije sustava upravljanja informacijskom sigurnošću te pomno prati razvoj i primjenu normi koje se odnose na ovu tematiku.

Do you want a short presentation or offer?

REQUEST AN INQUIRY

Contact us

Fill out the form and our staff will contact you and arrange a visit or online meeting to find out how we can help you.
We want to share with you our experiences and the latest trends that can help you in your daily business.

Consulting

Strategy and business processes

Digital transformation through Data Management

Risks and compliances

Information security and business continuity

Quality, environment protection and energy efficiency

IT Governance & IT Management

IT services

EU projects

EDUCATIONS

Strategy and business processes

Digital transformation through Data Management

Risks and compliances

Information security and business continuity

Quality, environment protection and energy efficiency

IT Governance & IT Management

IT services

EU projects

EDUCATION CALENDAR

ABOUT US

Partners

ZIH team

ZIH’s Authorities

Reference list

NEWS

BLOG

NEWS

BLOG

CONTACT

Trg Antuna, Ivana i Vladimira Mažuranića 8, 10 000 Zagreb
 
Telefon: +385 1 4855 271
Fax: +385 1 4855 272
E-mail: zih@zih.hr
 
IBAN: HR7423400091100013041
 
OIB: 34774399108

NEWSLETTER

Stay up to date with the news and services we provide
Facebook Youtube Linkedin
Copyright © 2022. ZIH
Pravila privatnosti
Mask Group
iso-9001-bureau-veritas-logo
Iso_Trans_Logo-01
Dizajn i programiranje: Prospekt d.o.o.
Copyright © 2022. ZIH

Privacy policy

Mask Group
iso-9001-bureau-veritas-logo
Iso_Trans_Logo-01
Design and programming: Prospekt d.o.o.