General board-level governance document that a non-IT director can understand
Answer:
According to ISO 27001, the top-level document that is intended for executives is the Information Security Policy. This is not a detailed document containing all the security rules, but a document that sets general responsibilities and defines a way to measure information security performance. To measure performance, you have to set the general information security objectives, and then measure whether those objectives have been achieved.
These articles will help you:
- Information security policy – how detailed should it be? https://advisera.com/27001academy/blog/2010/05/26/information-security-policy-how-detailed-should-it-be/
- ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
Mar 15, 2016