“Can you please clarify where we specify what areas need to be known by what group of people?
For example, the NOC personnel are not involved in Legal Matters (A.18) and vice versa Legal department needn’t know about the Incident Management Procedure (A.16). Our aim is that all employees in Scope must know the Scope Document and the IS Policy very well and then know documents that are relevant to their particular domain.”
Answer: Included in the toolkit you bought there is a template called Training & Awareness Plan that you can use to map and organize the competences required for particular areas/skills and which people need to know them. This template can be found in folder 09 Training and Awareness Plan.
Regarding your example, it is important to note that although NOC personnel are not directly responsible for Legal Matters, they provide important support for the technical evaluation of solutions to be implemented. Likewise, the legal department should be aware of the Incident Management Procedure to ensure evidence is properly handled so it can be legally accepted if legal action is needed. It is important to note that information security requires a multidisciplinary approach to be effective, with different areas working together.