Meet the regulatory requirements for your IT risk management with protection needs and model the entire information network for your business impact analysis according to BA-IT and MaRisk.
The assessment of business processes according to their protection needs is one of the most important functions of an ISMS. By systematically and completely recording the protection requirements, it is possible to take targeted measures for each process and the IT systems used. In combination with an analysis of the effects of a failure of assets, they can be specifically categorized according to their importance for the business success of the company in order to prioritize the measures to ensure the integrity, availability, confidentiality as well as authenticity of the assets.
- Evaluation of the business processes according to protection requirements
- Evaluation of the business processes with regard to their time criticality in order to identify the processes that are relevant to emergencies
- Naming of the information processed by the process (defined via data classes) and assessment of the protection requirement based on the security objectives of confidentiality, integrity and availability
- Assignment of applications to the processes and data classes and assessment of the emergency relevance (and, if applicable, the individual protection requirement)
- Assignment of emergency-relevant service providers for time-critical processes
- Consideration of dependencies for time-critical processes
- Assignment of evaluations of further emergency-relevant resources
- Automatic update of changes via inheritance to connected assets according to own definition