---

The increased dependency of organizations (companies, agencies, associations etc.) on information technology has entailed the growing importance of Information Security, making it a critical success factor. At the same time the complexity of Information Security has increased significantly over the last years and it has furthermore been subject to legal specifications like SOX and EUROSOX. In order to handle the raised demands of Information Security and conform to legal requirements, it is essential for organizations to move away from pure IT security (firewall, anti-virus, etc.) and introduce a solid Information Security Governance, which also emphasizes the responsibility of the board and top management. Central part of an Information Security Governance is the Information Security Management System (ISMS). This book describes the motivation and the necessary steps for the implementation of such an ISMS from a Governance point of view in order to contribute optimally to the success of an organization. Furthermore this book also highlights the significance of certification in the area of Information Security and presents possible achievements (ISO 27001, BSI IT-Grundschutz).

---

Philipp Hämmerle was born and raised in Lustenau, Austria. He studied Computer Science at the University of Applied Science in Vorarlberg and Business Informatics at the Vienna University of Economics and Business. Since 2008 Philipp Hämmerle works as an IT Consultant and IT Project Manager in Vienna.

---