Information Security Objectives
Information Security Objectives are not only related to confidentiality, integrity and availability; they are also related to any improvement that your business is hoping to achieve with the implementation of the standard. For example: reduce the number of information security incidents not registered, improve client satisfaction, etc.
Usually, the objectives are set at two levels: 1) General ISMS level, and 2) Security controls. Remember that for point 1) you can use an Information Security Policy. And for point 2), because, as you know, it is related to the security controls, you can use the Statement of Applicability. You can see a free version of this document here by clicking on the "Free Demo" tab: https://advisera.com/27001academy/documentation/statement-of-applicability/
Regarding the plan to achieve the objectives, you need the Risk Treatment Plan. You can also see a free version of this document here by clicking on the "Free Demo" tab: https://advisera.com/27001academy/documentation/risk-treatment-plan/
Finally, I think that this article can be very useful for you: "ISO 27001 control objectives Why are they important?": https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
Jan 12, 2016