CASE STUDY

Models and processes for structured risk management according to ISO 27000

The property company needed to strengthen its security protection. Among other things, by making use of the three perspectives of people, processes and technology, Ekan's consultants created a follow-up information security structure based on ISO 27001 and 27002.

The client: One of Sweden's largest property companies with high requirements for information security due to the function of the properties.

The challenge: An effective and adapted security protection. To raise awareness of the importance of good information security at all levels in the company, from the board to the individual.

Our solution: A platform for how information security should be handled from policy at board level to training employees in everyday situations. Taking advantage of the three perspectives of people, processes and technology with the support of ISO 27001 and 27002 creates a follow-up structure to continue developing in which risk analyzes are a valuable tool for finding improvement activities.

Results of the effort: A mature, conscious and structured management of information/function to develop further as new requirements/needs arise - internally or externally. An organization, information security officer with associated information security forum including models and methods, in place to deal with new challenges in the field.