Information Security Management System
Information Security Management System
The purpose of the PAPAI concept is to provide a practical tool and framework for information security management. This promotes the establishment of security in the organization and makes it easier and more efficient to apply expert knowledge from external consultants. By using a well-documented and planned method, you obtain efficient management and a long-term commitment to information security. The contents and structure are adapted to support the certification according to ISO/IEC 27001.
The PAPAI concept consist of a general structure:
Policy - Analysis - Planning - Architecture - Implementation.
The concept is described in a text-book and is implemented by a set of web pages (the PAPAI tree) and tools (the PAPAI Toolbox) on an accompanying CD. The web pages are updated and adapted to the needs of the organization. All documents that are written in the course of the information security projects, can be linked into the PAPAI tree and made available to the organization via intranet.
The material is supported by other services in the PAPAI concept, such as add-on packages and education. The PAPAI structure is then extended by further web pages and documents.
The PAPAI tree describes the information security process using graphic symbols for processes, documents and information flow.
The symbols act as links to documents and more detailed process descriptions.
