Guest user Created: Sep 27, 2019 Last commented: Sep 27, 2019

Security Master Plan

I owe you a lot and thank you for your informative website. I have a question that baffling my mind. What is a Security Master Plan? Is it relevant to ISMS or 27001? Do we need it during Implementation? Could you explain it to me? I always hear in workgroups that where is your Security Master Plan? And I said we implement controls from ISO 27001 and this is enough. Am I right?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Sep 27, 2019

Security Master Plane is not a concept used by ISO 27001, but considering the following definition from SGW Consulting:

"The Security Master Plan" is a document which comprises of a report, drawings, and illustrations that set out the organization's security strategies, goals, plans, policies, and procedures. It is used to provide a detailed outline of the security risks and mitigation plans agreed between stakeholders."

The closest ISO 27001 related documents are:
- Risk assessment and risk treatment report: outline of the security risks
- Statement of applicability: plans, policies, and procedures
- Risk treatment plan: security strategies (i.e., treatment options)

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Sep 27, 2019

Expert Advice Community