In many cases the executives have no idea as to how information security can help their organization, so the main purpose of the policy is that the top management defines what it wants to achieve with information security.

The purpose of Information Security Policy

The ISO 27001 Information Security Policy is a mandatory document used to define the leadership and commitment of an organization’s top management to the Information Security Management System (ISMS).

What is the Information Security Policy according to ISO 27001?

- support: commitment with resources to implement and improve information security.
- communication: to whom this policy needs to be communicated.
- responsibilities: responsibilities for implementation, maintenance, and reporting of ISMS performance.
- risk management: reference to the process to select the information security controls.
- requirements section: reference to legal, statutory, and contractual requirements that must be fulfilled.
- objectives: the general and specific objectives to be achieved by information security.