Course
digicode: P2S
ISMS in Practice – IT-Grundschutz & Best Practices
Course facts
- Defining the role of Information Security Officer (ISO)
- Defining key terms such as «compliance», «risk», and «incident» in the context of an ISMS (Information Security Management System)
- Initializing a standard-compliant ISMS in accordance with a proven guide for implementation and optimization
- Analyzing security needs in organizations and projects using best-practice approaches
- Maintaining the IT security concept with appropriate information security measures, as well as their continuous monitoring and improvement in accordance with IT-Grundschutz
- Classifying critical incidents within the framework of emergency planning (e.g., ransomware)
- Learning useful practical tips and tools (templates and AI) for your own implementation
1 Initialization of an ISMS
- Identification of key assets
- Consideration of internal and external conditions
- Definition of information security objectives and protection requirement categories
2 The fundamentals of a security concept in accordance with IT-Grundschutz
- Structural analysis and determination of protection requirements
- Selection of requirements and GAP analysis (modeling)
- Identifying and analyzing extended risks qualitatively and quantitatively
3 Implementing comprehensive security measures in a targeted manner
- Planning security measures in accordance with ISMS/ISDS
- Personnel security measures
- Organizational security measures
- Technical security measures
- Physical security measures
4 Incident and Emergency Management
- Overview of Incident Response
- Overview of Critical Incident Management using ransomware as an example
- Integration into Emergency Management (BCM)
5 Control and monitoring of information security
- Overview of key control and monitoring measures
- Overview of security auditing
- Overview of management review
In this hands-on course, you will take on the role of an Information Security Officer and, under the guidance of an experienced expert, go through the key stages of setting up a standards-compliant ISMS. You will actively work with the other participants on the implementation – from initialization and the security needs analysis to the definition of specific security measures based on IT-Grundschutz.
What to expect:
- Hands-on ISMS development: Together, you will initialize an ISMS and develop it step by step using proven methods and practical tools.
- Practical knowledge from the experts: They will share in-depth experiences from real-world projects – including typical challenges, pitfalls, and proven solutions.
- Peer-to-peer exchange: Technical discussions deepen your understanding and facilitate the transfer of knowledge to your own practice.
- IT-Grundschutz as a guide: The BSI standard serves as a structured and proven foundation for building your own security concept.
In this practical course, IT professionals, managers, project leaders, and other interested individuals will acquire the necessary expertise to implement an ISMS, plan a security strategy based on the IT-Grundschutz methodology, and apply what they have learned within their own organizations or projects.
Basic knowledge of information security analogous to the following course:
Please note: This training covers the BSI IT-Grundschutz method. However, preparation for certifying the ISMS according to the German BSI IT-Grundschutz or the German KRITIS law is not part of the training.
RDP info
Participants must have a remote desktop client installed on their PC/notebook.
- Under Windows, the official Microsoft client is usually already installed
- macOS users can download the official Microsoft client from the Apple App Store: https://apps.apple.com/ch/app/microsoft-remote-desktop/id1295203466
Important: For security reasons, companies often block a remote desktop connection on business devices and in the company network. It is recommended to participate in the training on a private device and not on the company network. Alternatively, you can clarify in advance with the responsible IT department whether remote desktop connections are possible.