Information Security Management in Financial Services (COMIT AG)

Partner: COMIT AG

Project duration: 05/2009 –

Methods: Expert interviews, surveys, prototyping, advanced statistical methods

Description and results:

The aim of the project is the development and implementation of a consulting support system for supporting consulting projects in the information security management area.
Managing information security became very important in the last years due to the increasing importance of information systems in the supply chain as well as to the increasing number of security incidents. Guaranteeing availability, integrity and confidentiality requires a highly integrated management on different layers ranging from people over systems and processes up to strategy.
This leads to the fact, that offering consulting products for information security management issues is highly complex. On the one hand lots of standards and additional knowledge like the ISO 27000 or the BSI Grundschutz must be considered and on the other hand resources in this field are often limited. This conflict shall be addressed by a new consulting product of the Swiss consulting company COMIT AG. Our support in this project if focused on the development of a consulting support system that saves time and resources without neglecting important investigation subjects. Therefore we are analyzing and refining information security knowledge from business and as well as from academic sources. This combined knowledge will be transferred into a consulting support system to allow the offering of a customer oriented consulting product with benchmarking options.