Information security behaviour evaluation
Answer: ISO 27001 is perhaps not the best framework to examine the behaviour of employees, however you can use the following clauses as a guideline:
- clause 7.3 (awareness): this clause requires the organization to ensure employees are aware of the information security policy, their contribution to the protection of the information and the performance of the Information Security Management System, and the consequences of information security incidents.
- clause 9.1 requires the organization to monitor, measure, analyse and evaluate security controls and processes, including controls directly related to human resources, such as A.7.2.2 (Information security awareness, education and training) and A.8.1.3 (Acceptable use of assets)
By assessing these requirements you can have an overview of the employees' information security behaviour (e.g., by the results of an information security policy understanding survey, the number of non-conformities or security incidents related to employees, etc.).
2 - And the other question is, if this is feasible, is there a check list for this job?
Answer: For this evaluation, I suggest you take a look at our ISO 27001 Gap Analysis Tool at this link: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/
This checklist has questions that can help you assess if the standard's requirements are being fulfilled.
These articles will provide you further explanation about ISO 27001 awareness:
- How to perform training & awareness for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/05/19/how-to-perform-training-awareness-for-iso-27001-and-iso-22301/
- 8 Security Practices to Use in Your Employee Training and Awareness Program https://advisera.com/27001academy/blog/2015/03/02/8-security-practices-to-use-in-your-employee-training-and-awareness-program/
These materials will also help you regarding ISO 27001 awareness:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Jun 14, 2018