The TWISK® method

[Figure: Information Security Management System; TWISK Management Process]

With TWISK® you can check on the information security culture of your company regularly. Security awareness is an ongoing process in which we support you.

The TWISK® method is a quality management process that enables constant and continuous improvement of security awareness and information security culture in your organization. TWISK® has been designed according to the Information Security Management System (ISMS) of the ISO/IEC 27001 standards.

TWISK® is a customised solution for all your needs and company sizes, with a proven track record worldwide with financial institutions, telecommunications companies, government agencies, IT and consulting companies as well as in the high tech industry.


The starting point of the targeted management of information security culture is the measurement of the initial situation to show the current strengths and weaknesses. For this measurement we use different methods:

  1. Survey of the employees
  2. Analysis of the security policy
  3. Interview with those responsible for security

The survey focuses on different parameters that determine the information security culture, such as the system of values, knowledge and perceptions of the employees. It is handled automatically via the Internet and can be performed in a very short time. The analysis of the information security policy provides information on the official values of the organization and required standards of conduct.

The measurement is repeated at regular intervals. This automated evaluation process is also fully supported by TWISK® and shows the changes in the information security culture and security awareness. This gives you a justification for your investment.


After the measurement, we work with you to plan the measures designed to improve the security awareness and information security culture. The first item to be defined is how the information security culture should look, and from that, which aspects of the current information security culture should be retained, improved or completely changed (gap analysis). The authoritative document for this definition is an appropriate information security policy.

Built-in TWISK® benchmarking against the best in class also reveals any need for action independent of your own requirements.

We then work with you to define the target groups, and to select and prioritize appropriate tools and measures. Planning of these measures is supported in TWISK® by a built-in expert system.


TWISK® - and what it offers you