Introducing the ISMS Essentials module: a new era in Information Security Management

by | Jan 31, 2025 | CRA, Cyberismo solution, Cybersecurity, ISMS, ISO27001, NIS2

We are thrilled to announce that the first version of the much-anticipated ISMS Essentials content module is now publicly available! This module represents our initial attempt to create an information model for the basics of information security management, and you can find it in our public repository on GitHub: ISMS Essentials content module.

Traditionally, information security management systems are seen as a collection of documents and controls, and the dependencies between these are often far from clear. It might be clear to a security specialist that risks are related to assets and controls are related to risks, but we believe that formalising and visualising these connections makes them clear to others as well.

This is a starter kit, so it does not include all possible compliance requirements. Regardless, this package provides a solid foundation to get started with NIS2, for instance. It introduces information security management systems as a collection of registers and provides example processes and needed data types for asset, risk and incident management. This opens the door for discussions on how to document risks, incidents, and their interrelationships. This module is not intended to be the “final truth”, but rather a starting point for a conversation. It can be flexibly developed and expanded—preferably in collaboration with you.

Embracing the ‘Security as Code’ Philosophy

We have selected the ‘security as code’ approach for Cyberismo. The main reason for this is that we believe that improving security should be a collaborative effort, and as the security community, we should seek ways to create good common baselines that are freely available for everyone. Thus, we have selected flexible ways of presenting information, and then made the content available on GitHub to enable wider collaboration. Our approach also brings other benefits, such as structured templates, integrations with different tools and progress metric calculations.

The potential downside is that our solution might seem a bit technical at first glance for traditional information security management personnel. We have to admit that testing the ISMS Essentials content module does require a bit of a developer mindset. To help you out, we have created step-by-step instructions for different operating systems in the Cyberismo Documentation.

We encourage you to give it a try even if you do not have a technical background. By installing Cyberismo and the needed content modules, you’ll gain access to a local web interface, which will help you understand the available data types, workflows, linkages, policy checks, KPI reports, visualisations and so on much more effectively than just browsing the repository.

Looking Ahead: Secure Development Essentials

Our next step is to introduce a new content module for integrating secure development projects into the information security management system. Stay tuned for the upcoming Secure Development Essentials content module! Using Cyberismo will likely be more intuitive for developers who are accustomed to using Git and command line tools, and integration with CI/CD toolchains is essential to smooth the way for the adoption of secure practices. Secure Development Essentials will also provide a good foundation for compliance with the Cyber Resilience Act.

We look forward to your feedback and collaboration to make this tool and its content modules even better. Let’s work together to enhance information security – not just for you and me, but for everyone!