ISO certification with CRISAM® at the VERBUND-Austrian Power Grid (APG)

In the following interview, project leader Christian Pennerstorfer, MSc. reports on his experiences with the implementation and use of CRISAM®.

>>How has the topic of IT risk management been put into practice in the VERBUND-Austrian Power Grid (APG) up to now?
We have been working in a system-related fashion on the basis of Excel up to now.

>>What were the reasons for introducing an ISMS conforming to ISO 27001 using CRISAM®?
With the stored fault tree analysis as per DIN and a rating model, CRISAM® delivers a good total overview of the analysed areas and, furthermore, delivers the key figures necessary for certification. The measures necessary in order to achieve the goal rating are also identified. The CRISAM® approach model thus represents an optimum tool for evaluating IT risks in the VERBUND-Austrian Power Grid (APG). It was necessary to implement a corresponding method of controlling, monitoring and dealing with the risks.

>>When did the project commence?
The preparations for the project began in early 2007.

>>Which areas of the company were integrated in the implementation?
The entire VERBUND-Austrian Power Grid (APG) company was involved in the certification process.

>>How did you prepare for the audit and what was the procedure?
The CIS stage review began in June 2007, the Stage I review at the beginning of October 2007. The certification audits then took place over the course of October. An essential success factor for an efficient implementation was the CRISAM® ISO compliance reports.

>>What do you consider to be the advantages of certification with CRISAM®?
A big advantage is, on the one hand, the fulfilment in CRISAM® of essential standard requirements and, on the other, the integrated, largely automated ISO reports (SOA, scope, compliance), which saves a great deal of time. Furthermore, CRISAM® supplies essential key figures for the ISMS.

>>What has been of the greatest benefit to your company from the use of CRISAM® up to now?
Through the use of CRISAM®, attention has been drawn to the process view and the dependence of business processes on IT services has been illustrated. Not only that, we have been able to combine CRISAM® very well with the ISO 9000 management system.
