ISIS12 Procedure Model

An information security process is a recurring process that has to be embedded in a company to ensure information security. ISIS12 describes a procedure that supports the company in doing so. The implementation comprises the 12 steps of the ISIS12 model, which are divided into the following phases:

Phase 1: Initialization

  • Step 1: Create a guideline
  • Step 2: Sensitise the employees

Phase 2: Determination of the organisational structure and process organisation

  • Step 3: Build an information security team
  • Step 4: Define the structure of the IT documentation
  • Step 5: Introduce an IT service management process

Phase 3: Development and Implementation of the ISIS concept

  • Step 6: Identify critical applications
  • Step 7: Analyse the IT structure
  • Step 8: Model the security measures
  • Step 9: Target-actual comparison
  • Step 10: Plan the realisation
  • Step 11: Realisation
  • Step 12: Revision