One Article Review

Source NoticeBored
Identifier 3498120
Publication date 2021-10-11 15:57:00 (seen: 2021-10-11 04:05:21)
Title ISO/IEC 27002's overall and topic-specific information security policies 0/11
Text

Clause 5.1 of the forthcoming new 3rd edition of ISO/IEC 27002 recommends two complementary types of information security policies.

Firstly:

At the highest level, organizations should define an “information security policy” which is approved by top management and which sets out the organization's approach to managing its information security.

The policy (singular) should address requirements derived from various sources, and include a bunch of general policy statements, for example laying out the organisation's commitments (as stated by senior management) to satisfy applicable requirements relating to information security, and to improve the information security management system continually.

In addition:

At a lower level, the information security policy should be supported by topic-specific policies, as needed to further mandate the implementation of information security controls. Topic-specific policies are typically structured to address the needs of certain target groups within an organization or to cover certain security areas. Topic-specific policies should be aligned and complementary to the information security policy of the organization.

Topic-specific policies (plural) should be aligned with and support the high-level policy, providing additional details in various areas. The standard lists 11 topics as examples ... and I plan to talk about those day by day through this blog. After that, I'll write about integrating all the policies, including the top one, into a coherent and comprehensive policy suite - taking an holistic/system view of the entire policy structure. So, tune in tomorrow for the first of twelve enthralling episodes!