An Information Security Management System (ISMS) is essential for companies to protect their data and comply with legal standards such as the new NIS2 directive. However, installing an ISMS tool or obtaining ISO/IEC 27001 certification is not enough on its own. What is required is a sophisticated combination of processes and tools that is constantly monitored and improved. In addition to typical IT security processes, this includes solid asset and change management strategies. Even certification is of little value if the processes are not actively implemented.
The talk will explain why a holistic view of ISMS is crucial and how security managers can establish a comprehensive 360° ISMS and ensure its continuous implementa ...