• CONSULTING
    • Strategy and business processes
      • Strategic planning and management of the implementation of the strategic plan
      • Business process management – identification, modeling and improvement of business processes
      • Designing a modern IT organization and managing human resource efficiency
      • Project management
    • Digital transformation through Data Management
      • Establish a Data Governance framework and develop a data management strategy
      • Data quality management
      • Data security management
      • Master and metadata management
      • Preparations for the implementation of BI and Big data solutions
      • Estimates of data management maturity
      • Documentation and content management
      • Establish organizations for successful data management and digital transformation
    • Risks and compliances
      • Business risk management (ISO 31000, etc.)
      • Compliance management in business systems
      • Harmonization of operations in majority state-owned companies (Decision of the Government of the Republic of Croatia OG 99/19)
      • Management of the protection of whistleblowers (46/22 OG and ISO 37002)
      • Anti-corruption system management (ISO 37001)
      • Privacy management (ISO 29100)
      • Electronic identification and trust services in accordance with the eIDAS Regulation
    • Information security, Cyber security and business continuity
      • Corporate information security
      • Information security risk management
      • Information security systems management
      • Business continuity management
      • Cyber security management
      • Incident management, disaster recovery
      • Alignment with the EU regulation 2016/1148, the law and the regulation on cyber security
    • Quality, environment protection and energy efficiency
      • Implementation and evaluation of quality management system (ISO 9001, ISO 15017, etc.)
      • Implementation and assessment of environmental management system (ISO 14001)
      • Implementation and evaluation of energy efficiency management system (ISO 50001)
      • Implementation and evaluation of occupational health and safety management systems (ISO 45001)
    • IT Governance & IT Management
      • Design of ICT Governance & ICT Management systems
      • Development of a new IT strategy
      • Designing a modern IT organization and managing human resource efficiency
      • Management and supervision of IT projects
      • Information system development, verification, validation and testing services
      • Development of technical specifications for the development of information systems
      • Information systems audit
    • IT services
      • Managing IT services
      • Implementation of IT service management system (ISO 20000)
      • ITIL & managing IT services
    • EU projects
      • Identify opportunities for financial support and select the best source of funding
      • Preparation of project application in accordance with EU guidelines
      • EU project management
  • EDUCATIONS
    • Education calendar
  • e-learning
  • ABOUT US
    • Partners
    • ZIH team
    • ZIH’s Authorities
    • Reference list
  • NEWS
  • BLOG
  • CONTACT
Menu
  • CONSULTING
    • Strategy and business processes
      • Strategic planning and management of the implementation of the strategic plan
      • Business process management – identification, modeling and improvement of business processes
      • Designing a modern IT organization and managing human resource efficiency
      • Project management
    • Digital transformation through Data Management
      • Establish a Data Governance framework and develop a data management strategy
      • Data quality management
      • Data security management
      • Master and metadata management
      • Preparations for the implementation of BI and Big data solutions
      • Estimates of data management maturity
      • Documentation and content management
      • Establish organizations for successful data management and digital transformation
    • Risks and compliances
      • Business risk management (ISO 31000, etc.)
      • Compliance management in business systems
      • Harmonization of operations in majority state-owned companies (Decision of the Government of the Republic of Croatia OG 99/19)
      • Management of the protection of whistleblowers (46/22 OG and ISO 37002)
      • Anti-corruption system management (ISO 37001)
      • Privacy management (ISO 29100)
      • Electronic identification and trust services in accordance with the eIDAS Regulation
    • Information security, Cyber security and business continuity
      • Corporate information security
      • Information security risk management
      • Information security systems management
      • Business continuity management
      • Cyber security management
      • Incident management, disaster recovery
      • Alignment with the EU regulation 2016/1148, the law and the regulation on cyber security
    • Quality, environment protection and energy efficiency
      • Implementation and evaluation of quality management system (ISO 9001, ISO 15017, etc.)
      • Implementation and assessment of environmental management system (ISO 14001)
      • Implementation and evaluation of energy efficiency management system (ISO 50001)
      • Implementation and evaluation of occupational health and safety management systems (ISO 45001)
    • IT Governance & IT Management
      • Design of ICT Governance & ICT Management systems
      • Development of a new IT strategy
      • Designing a modern IT organization and managing human resource efficiency
      • Management and supervision of IT projects
      • Information system development, verification, validation and testing services
      • Development of technical specifications for the development of information systems
      • Information systems audit
    • IT services
      • Managing IT services
      • Implementation of IT service management system (ISO 20000)
      • ITIL & managing IT services
    • EU projects
      • Identify opportunities for financial support and select the best source of funding
      • Preparation of project application in accordance with EU guidelines
      • EU project management
  • EDUCATIONS
    • Education calendar
  • e-learning
  • ABOUT US
    • Partners
    • ZIH team
    • ZIH’s Authorities
    • Reference list
  • NEWS
  • BLOG
  • CONTACT
Search
EN
  • HR
[ivory-search id="3372" title="Search form laptop"]

HR 

  • KONZALTING
    • Strategija i poslovni procesi
      • Strateško planiranje i upravljanje implementacijom strateškog plana
      • Upravljanje poslovnim procesima – identifikacija, modeliranje i unapređenje poslovnih procesa
      • Izrada nove organizacije te upravljanje razvojem karijere i radnim učincima djelatnika
      • Upravljanje projektima
    • Digitalna transformacija kroz upravljanje podacima
      • Uspostava Data Governance okvira i izrada strategije upravljanja podacima
      • Upravljanje kvalitetom podataka
      • Upravljanje sigurnošću podataka
      • Upravljanje matičnim i meta podacima
      • Pripreme za implementaciju rješenja za BI i Big data
      • Procjena zrelosti upravljanja podacima
      • Upravljanje dokumentacijom i sadržajem
      • Uspostava organizacije za uspješno upravljanje podacima i digitalnu transformaciju
    • Rizici i usklađenosti
      • GDPR/Upravljanje zaštitom privatnosti
      • Uspostava CMS-a(Compliance Management System) kao dio digitaliziranog sustava upravljanja cijelim poslovnim sustavom
      • Zaštita prijavitelja nepravilnosti
      • Elektronička identifikacija i usluge povjerenja u skladu s eIDAS Uredbom
      • Upravljanje antikorupcijskim sustavom (ISO 37001)
      • Upravljanje poslovnim rizicima
      • Uspostava CMS-a (Compliance Management System) kao pokretača implementacije drugih sustava upravljanja i integracije
      • Uspostava CMS-a (Compliance Management System) kao samostalnog sustava
    • Informacijska sigurnost, kibernetička sigurnost i kontinuitet poslovanja
      • Korporativna informacijska sigurnost
      • Upravljanje rizicima informacijske sigurnosti
      • Upravljanje sustavima informacijske sigurnosti
      • Upravljanje kontinuitetom poslovanja
      • Upravljanje kibernetičkom sigurnošću
      • Upravljanje incidentima, oporavak od katastrofe
      • Usklađivanje s eu uredbom 2016/1148, zakonom i uredbom o kibernetičkoj sigurnosti
    • Kvaliteta, zaštita okoliša i energetska učinkovitost
      • Implementacija i procjena sustava upravljanja kvalitetom (ISO 9001, ISO 15017 i dr.)
      • Implementacija i procjena sustava upravljanja zaštitom okoliša (ISO 14001)
      • Implementacija i procjena sustava upravljanja energetskom učinkovitosti (ISO 50001)
      • Implementacija i procjena sustava upravljanja zdravljem i zaštitom na radu (ISO 45001)
    • IT Governance & IT Management
      • Oblikovanje ICT Governance & ICT Management sustava
      • Razvoj nove IT strategije
      • Oblikovanje suvremene IT organizacije i upravljanje učinkovitošću ljudskih resursa
      • Upravljanje i nadzor IT projekata
      • Usluge u razvoju, verifikaciji, validaciji i testiranju informacijskih sustava
      • Izrada tehničkih specifikacija za razvoj informacijskih sustava
      • Revizija informacijskih sustava
    • IT usluge
      • Upravljanje IT uslugama
      • Primjena norme ISO 20000 u upravljanju IT uslugama
      • ITIL i upravljanje IT uslugama
    • EU projekti
      • Identifikacija mogućnosti dobivanja financijske potpore i odabir najboljeg izvora financiranja
      • Izrada projektne prijave u skladu s EU smjernicama
      • Vođenje EU projekata
  • EDUKACIJE
    • Kalendar edukacija
    • Seminari u ožujku i travnju!
  • e-learning
  • O NAMA
    • Partneri
    • Tim ZIH-a
    • Ovlaštenja ZIH-a
    • Referentna lista
  • NOVOSTI
  • BLOG
  • KONTAKT
Menu
  • KONZALTING
    • Strategija i poslovni procesi
      • Strateško planiranje i upravljanje implementacijom strateškog plana
      • Upravljanje poslovnim procesima – identifikacija, modeliranje i unapređenje poslovnih procesa
      • Izrada nove organizacije te upravljanje razvojem karijere i radnim učincima djelatnika
      • Upravljanje projektima
    • Digitalna transformacija kroz upravljanje podacima
      • Uspostava Data Governance okvira i izrada strategije upravljanja podacima
      • Upravljanje kvalitetom podataka
      • Upravljanje sigurnošću podataka
      • Upravljanje matičnim i meta podacima
      • Pripreme za implementaciju rješenja za BI i Big data
      • Procjena zrelosti upravljanja podacima
      • Upravljanje dokumentacijom i sadržajem
      • Uspostava organizacije za uspješno upravljanje podacima i digitalnu transformaciju
    • Rizici i usklađenosti
      • GDPR/Upravljanje zaštitom privatnosti
      • Uspostava CMS-a(Compliance Management System) kao dio digitaliziranog sustava upravljanja cijelim poslovnim sustavom
      • Zaštita prijavitelja nepravilnosti
      • Elektronička identifikacija i usluge povjerenja u skladu s eIDAS Uredbom
      • Upravljanje antikorupcijskim sustavom (ISO 37001)
      • Upravljanje poslovnim rizicima
      • Uspostava CMS-a (Compliance Management System) kao pokretača implementacije drugih sustava upravljanja i integracije
      • Uspostava CMS-a (Compliance Management System) kao samostalnog sustava
    • Informacijska sigurnost, kibernetička sigurnost i kontinuitet poslovanja
      • Korporativna informacijska sigurnost
      • Upravljanje rizicima informacijske sigurnosti
      • Upravljanje sustavima informacijske sigurnosti
      • Upravljanje kontinuitetom poslovanja
      • Upravljanje kibernetičkom sigurnošću
      • Upravljanje incidentima, oporavak od katastrofe
      • Usklađivanje s eu uredbom 2016/1148, zakonom i uredbom o kibernetičkoj sigurnosti
    • Kvaliteta, zaštita okoliša i energetska učinkovitost
      • Implementacija i procjena sustava upravljanja kvalitetom (ISO 9001, ISO 15017 i dr.)
      • Implementacija i procjena sustava upravljanja zaštitom okoliša (ISO 14001)
      • Implementacija i procjena sustava upravljanja energetskom učinkovitosti (ISO 50001)
      • Implementacija i procjena sustava upravljanja zdravljem i zaštitom na radu (ISO 45001)
    • IT Governance & IT Management
      • Oblikovanje ICT Governance & ICT Management sustava
      • Razvoj nove IT strategije
      • Oblikovanje suvremene IT organizacije i upravljanje učinkovitošću ljudskih resursa
      • Upravljanje i nadzor IT projekata
      • Usluge u razvoju, verifikaciji, validaciji i testiranju informacijskih sustava
      • Izrada tehničkih specifikacija za razvoj informacijskih sustava
      • Revizija informacijskih sustava
    • IT usluge
      • Upravljanje IT uslugama
      • Primjena norme ISO 20000 u upravljanju IT uslugama
      • ITIL i upravljanje IT uslugama
    • EU projekti
      • Identifikacija mogućnosti dobivanja financijske potpore i odabir najboljeg izvora financiranja
      • Izrada projektne prijave u skladu s EU smjernicama
      • Vođenje EU projekata
  • EDUKACIJE
    • Kalendar edukacija
    • Seminari u ožujku i travnju!
  • e-learning
  • O NAMA
    • Partneri
    • Tim ZIH-a
    • Ovlaštenja ZIH-a
    • Referentna lista
  • NOVOSTI
  • BLOG
  • KONTAKT
Menu
  • Konzalting
    • Strategija i poslovni procesi
      • Strateško planiranje i upravljanje implementacijom strateškog plana
      • Upravljanje poslovnim procesima – identifikacija, modeliranje i unapređenje poslovnih procesa
      • Izrada nove organizacije te upravljanje razvojem karijere i radnim učincima djelatnika
      • Upravljanje projektima
    • Digitalna transformacija kroz upravljanje podacima
      • Uspostava Data Governance okvira i izrada strategije upravljanja podacima
      • Upravljanje kvalitetom podataka
      • Upravljanje sigurnošću podataka
      • Upravljanje matičnim i meta podacima
      • Pripreme za implementaciju rješenja za BI i Big data
      • Procjena zrelosti upravljanja podacima
      • Upravljanje dokumentacijom i sadržajem
      • Uspostava organizacije za uspješno upravljanje podacima i digitalnu transformaciju
    • Rizici i usklađenosti
      • GDPR/Upravljanje zaštitom privatnosti
      • Uspostava CMS-a(Compliance Management System) kao dio digitaliziranog sustava upravljanja cijelim poslovnim sustavom
      • Zaštita prijavitelja nepravilnosti
      • Elektronička identifikacija i usluge povjerenja u skladu s eIDAS Uredbom
      • Upravljanje antikorupcijskim sustavom (ISO 37001)
      • Upravljanje poslovnim rizicima
      • Uspostava CMS-a (Compliance Management System) kao pokretača implementacije drugih sustava upravljanja i integracije
      • Uspostava CMS-a (Compliance Management System) kao samostalnog sustava
    • Informacijska sigurnost, kibernetička sigurnost i kontinuitet poslovanja
      • Korporativna informacijska sigurnost
      • Upravljanje rizicima informacijske sigurnosti
      • Upravljanje sustavima informacijske sigurnosti
      • Upravljanje kontinuitetom poslovanja
      • Upravljanje kibernetičkom sigurnošću
      • Upravljanje incidentima, oporavak od katastrofe
      • Usklađivanje s eu uredbom 2016/1148, zakonom i uredbom o kibernetičkoj sigurnosti
    • Kvaliteta, zaštita okoliša i energetska učinkovitost
      • Implementacija i procjena sustava upravljanja kvalitetom (ISO 9001, ISO 15017 i dr.)
      • Implementacija i procjena sustava upravljanja zaštitom okoliša (ISO 14001)
      • Implementacija i procjena sustava upravljanja energetskom učinkovitosti (ISO 50001)
      • Implementacija i procjena sustava upravljanja zdravljem i zaštitom na radu (ISO 45001)
    • IT Governance & IT Management
      • Oblikovanje ICT Governance & ICT Management sustava
      • Razvoj nove IT strategije
      • Oblikovanje suvremene IT organizacije i upravljanje učinkovitošću ljudskih resursa
      • Upravljanje i nadzor IT projekata
      • Usluge u razvoju, verifikaciji, validaciji i testiranju informacijskih sustava
      • Izrada tehničkih specifikacija za razvoj informacijskih sustava
      • Revizija informacijskih sustava
    • IT usluge
      • Upravljanje IT uslugama
      • Primjena norme ISO 20000 u upravljanju IT uslugama
      • ITIL i upravljanje IT uslugama
    • EU projekti
      • Identifikacija mogućnosti dobivanja financijske potpore i odabir najboljeg izvora financiranja
      • Izrada projektne prijave u skladu s EU smjernicama
      • Vođenje EU projekata
  • Edukacije
    • Kalendar edukacija
    • Seminari u ožujku i travnju!
  • e-learning
  • O nama
    • Partneri
    • Tim ZIH-a
    • Ovlaštenja ZIH-a
    • Referentna lista
  • Novosti
  • Blog
  • Kontakt
  • En
    • Hr

Homepage > Consulting > Information security, Cyber security and business continuity > Information security systems management

Information security systems management

What is management of information security systems?

Today, as well as time, information is the most important resource of any business system, and often its key assets whose loss can lead to business ceases. They appear in various forms: written documents, IT databases, images, diagrams, business rules, etc.
 
Information assets are not always clearly identifiable and may consist of information and data on:
 
vision, mission, strategy, longer–term business orientation and strategic objectives;
business policies, finances, business processes;
markets, customers, suppliers, contractual obligations;
staff and their competences;
procedures for the discharge of legal, regulatory or contractual obligations;
installed computer equipment, electronic media, peripheral equipment, system software;
user applications, telecommunications networks, IT employees;
the transactions of the beneficiary;
reports and obligations towards the regulator, as well as a number of other valuable information.
 
As with other forms of business assets, there are numerous sources of threats from attacks on this information asset, which, if they happen and there is not sufficient information security in place, can cause undesirable consequences and cause some material damage or some other form of damage. Groups of such threats shall be:
 
technical errors;
unauthorised access to IT equipment or data;
interruptions in the provision of IT support to business processes;
natural disasters;
physical damage;
compromising data and information, etc.
 
But the biggest threats come from people — hackers, computer criminals, terrorists, industrial espionage, their own employees. Whether the negative consequences of an attack on information assets will occur depends on whether adequate security measures are in place and whether they are implemented in the overall security system. If their level is insufficient, the business system is vulnerable and there is a risk that information assets will be compromised.
 
According to ISO 27001, the information security management system consists of policies, procedures, guidelines, associated resources and activities managed by the company in order to protect its information assets. ISMS is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving the information security of an organization in order to achieve business objectives.

What are the benefits of setting up processes and activities for the management of information security systems?

Information security in a system is a reality and a need. Building a manageable system of security and individual information security is a necessity in the business world, but increasingly in other organizations. This part of the process has often been neglected and assessed as less important. Even when measures and controls are implemented, they are mostly partial solutions related to the security of a prominent aspect of the system (e.g. implementation of antivirus, firewalls, installation of alarms, burglary sensors, etc.) while other elements are neglected. It is certain, however, that the security of the overall system is always proportionate to the safety of the weakest point.

The introduction of a safety system according to the requirements of standards from the ISO 27K series should be seen as a project with its objectives, deadlines, teams and their engagement, costs. Such a project has some features, such as the requirement for certain participants to have experience and appropriate knowledge for specific areas. (e.g., when assessing risk, it is necessary to know the existing security controls and when analysing the impact on business it is important to assess the importance of the asset and the magnitude of the loss due to its unavailability).
 
The benefit after the completion of one such project and the establishment of the information security system management process is certainly increased information asset security in the form of protection of integrity, availability and confidentiality. The company itself assesses whether and how important these characteristics are for its operations based on the conducted business impact analysis and risk assessment to which the information assets are exposed.
 
A well–implemented risk assessment process enables management structures to look at the actual state of information asset security and makes it easier for them to make decisions on how to manage the security of information systems and the impact analysis provides a loss report for cases of unavailability of an information asset or information and communication technology system.
 
The above significantly increases the overall business safety of the company itself, ensures its good reputation among users and partners and reduces the risk of non–compliance with regulatory and legal regulations, if such exist for the industry in which the company operates.

How can ZIH help you?

For each user ZIH has an individualised approach depending on their needs taking into account the size of the company and the context of the business. An important part of our approach are workshops with management teams in which we educate users about the benefits and ways in which it security management processes are established. With the expert guidance of our consultants and the application of world reference recommendations, we help users successfully implement and manage information security systems. The services we can provide cover all processes and activities of THE PIPD (PLAN–Do–Check–Act) cycle and may be but are not limited to:
 
an assessment of the current information security situation;
preparation of the ISMS project;
the development of information security policies;
preparation of security procedures (mandatory documentation);
asset management;
assessment and processing of safety risks;
the design of the organisation of information and human resources security;
the design of access controls;
management of physical and environmental security;
defining the security of IT operations;
the design of the security incident management;
preparing an analysis of the impact on business;
establishing business continuity management;
checks on compliance with legislation, regulations and administrative provisions.
 
Education in the following field:
  • Introduction to information security 
  • Why and how to manage information security systems?
  • Design of ISO 27001:2013 information security systems
  • Training for internal assessors acording to ISO 27001
  • Certified ISO 27001 Foundation (PECB)
  • Certified ISO 27001 Lead Implementer (PECB)
  • Certified ISO 27001 Lead Auditor (PECB)
  • Kontrole informacijske sigurnosti u skladu s ISO 27002
  • Certified ISO 27002 Foundation (PECB)
  • Certified ISO 27002 Lead Implementer (PECB)
  • Certified ISO 27002 Lead Auditor (PECB)
  • Priprema za polaganje CISA ispita (Certified Information Systems Auditor)
  • Preparation for CISA examination (certified information systems auditor)
  • Certified ISO 27018 Cloud Security Manager (PECB)
  • Human Resources Security Foundation (PECB)

You may also be interested in these services and trainings:

Education

Certified ISO 27005 Risk Manager (PECB)

Read more

Education

Internal audit of corporate information security

Read more

Service

Information security systems management

Read more

Service

Corporate information security

Read more

Why ZIH?

ZIH has more than 20 years of extensive experience in shaping the modern organization of business risk management systems, in particular information security and information security system management risks, and closely monitors the development and implementation of standards related to this topic (like ISO 31000, ISO 27005, ISO 27001). It has also successfully carried out a number of risk assessments on the use of information technologies, information security risks, the establishment of information security management systems.

Do you want a short presentation or offer?

REQUEST AN INQUIRY

Contact us

Fill out the form and our staff will contact you and arrange a visit or online meeting to find out how we can help you.
We want to share with you our experiences and the latest trends that can help you in your daily business.

Consulting

Strategy and business processes

Digital transformation through Data Management

Risks and compliances

Information security and business continuity

Quality, environment protection and energy efficiency

IT Governance & IT Management

IT services

EU projects

EDUCATIONS

Strategy and business processes

Digital transformation through Data Management

Risks and compliances

Information security and business continuity

Quality, environment protection and energy efficiency

IT Governance & IT Management

IT services

EU projects

EDUCATION CALENDAR

ABOUT US

Partners

ZIH team

ZIH’s Authorities

Reference list

NEWS

BLOG

NEWS

BLOG

CONTACT

Trg Antuna, Ivana i Vladimira Mažuranića 8, 10 000 Zagreb
 
Telefon: +385 1 4855 271
Fax: +385 1 4855 272
E-mail: zih@zih.hr
 
IBAN: HR7423400091100013041
 
OIB: 34774399108

NEWSLETTER

Stay up to date with the news and services we provide
Facebook Youtube Linkedin
Copyright © 2022. ZIH
Pravila privatnosti
Mask Group
iso-9001-bureau-veritas-logo
Iso_Trans_Logo-01
Dizajn i programiranje: Prospekt d.o.o.
Copyright © 2022. ZIH

Privacy policy

Mask Group
iso-9001-bureau-veritas-logo
Iso_Trans_Logo-01
Design and programming: Prospekt d.o.o.