Information Security Aspects
Assess and monitor confidentiality, integrity, and availability requirements for processes and assets
Meet all asset management requirements of an ISMS
DaIM supports evidence management of all essential controls
Communicate vulnerabilities and educate employees from onboarding to employee exit
DaIM Information Security – The Protection of Operational Assets is an Entrepreneur’s Duty
The digitization of the world of work offers advantages, but also more scope for attack.
In the future, companies will be required to ensure a minimum level of information security when handling customer-relevant information. DaIM – Information Security implements the specific requirements of ISO 27001. As a result, their entire IT infrastructure will be better protected against sabotage, terrorist acts or other potential threats such as industrial espionage in the future.
Integrated Management Systems
DaIM Information Security contains specific extensions for your Information Security Management System (ISMS) according to ISO 27001 or other implemented Information Security Standards (TISAX, VDA, BSI). All known functions of the high level structure in DaIM are also integrated.
Specific Functions in Information Security Management Systems
In asset management, information security assets including mobile device management are inventoried and classified, responsibilities (roles and rights) are regulated, and criticality is classified based on information security aspects.
Vulnerabilities are identified from internal and external sources and monitored in Monitoring. For this purpose, the integration possibilities of Microsoft Graph are used. Workflows automate the reporting and recording of vulnerabilities.
A set of individual policies for administrators and users are provided to employees in the document management system in accordance with the ISO 27001 Annex and distributed via MS Teams.
All information security incidents are recorded and assessed. The reporting chain is automatically triggered and all relevant parties are informed. The upgrading of the incidents is an automatic input parameter for the review. Root cause analysis and action tracking to improve information security is transparently documented.