One Article Review

Home - The article:
Source NoticeBored
Identifier 4275467
Publication date 2022-03-14 20:24:00 (seen: 2022-03-14 08:05:24)
Title Information risk and security management reporting
Text Last Thursday, a member of the ISO27k Forum launched a new discussion thread with this poser (lightly edited): "Having recently become an ISMS coordinator, I must prepare a monthly report to management. How does one write an information security report? What should be reported?" Over the weekend we've raised and debated a bunch of ideas, such as a tiered approach, starting at the detailed operational level with effectiveness metrics for the selected information security controls, then aggregating and summarising information for less frequent reports to higher management, emphasising the business perspective (e.g. reporting not just the number of incidents, but a breakdown by severity level mapping to business impacts for senior management).
Sent Yes
Tags
Stories
Rating ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.