The review of IT systems with regard to their security is an actual and important problem. Up to now, no objective basis for reviews existed that made it possible to compare realised IT security with a given standard and assess it accordingly. The ISO/IEC 27001 is an international standard which serves to examine and evaluate IT security and serve as a basis for intended certifications.
In contrast to other evaluation systems, the ISO/IEC 27001´s fundamental aim is to set up a testing standard for the management of IT security. This means that instead of testing every single application or hardware device, every sub-system and every file for specific risks, caused by threats or risk potentials, the weak points of IT systems and the management of IT security are considered. The ISO/IEC 27001 offers testing standards for the following fields:
Our computer based check system has modernized and formally revised the ISO/IEC documents to make them suitable for reviews on a systematic basis.
With the aid of the computer supported tool system we have developed - its structure analogue to the ISO/IEC 27001 - any institution can audit its IT security on its own and so prepare an planned certification.
next page
