Eureka! Institutional Repository

The critical issue of the security of digital systems is undoubtedly the central subject of interest of a company nowadays. As is immediately understood without proper security management, any company may be confronted with a number of risks that may lead to its malfunction and consequently to a small or greater loss of its credibility, reputation, clientele and perhaps still in legal adventures and judicial penalties. Therefore, companies spend considerable amounts of money on information security that manages and installs various technology solutions such as firewall, antivirus, etc. Apart from these different technological solutions, information security management also includes other components such as individuals and procedures. In our dissertation we present key elements of both the international standard ISO-27001 and the European GDPR Regulation on the security of information in general, managed by a company operating in the field of information technology, namely the production of integrated information systems (IIS) and personal data security in particular. We present a study of an "Information Security Management System" (ISMS) in an operational active company. The implementation and the continuous improvement of an ISMS based on the guidelines and requirements of the standard (ISO-27001) and the Regulation (GDPR) brings the company up-to-date / harmonized and legal in accordance with the current legal framework both in domestic and in European level by strengthening and safeguarding its position vis-à-vis competition on the security of information and its intellectual property rights.