Information Security Objectives

Guest post. Created: Jan 12, 2016. Last commented: Jan 12, 2016

Hi friends, Based on ISO 27001:2013, do "Information Security Objectives" refer to 'confidentiality', 'integrity', 'availability', 'non-repudiation', and so on? Is that true? Additionally, how do you measure them? And what would the plan or framework to achieve them be? Thank you. Best regards
AntonioS Jan 12, 2016

Information Security Objectives are not only related to confidentiality, integrity and availability; they are also related to any improvement that your business is hoping to achieve with the implementation of the standard. For example: reduce the number of information security incidents not registered, improve client satisfaction, etc.

Usually, the objectives are set at two levels: 1) General ISMS level, and 2) Security controls. Remember that for point 1) you can use an Information Security Policy. And for point 2), because, as you know, it is related to the security controls, you can use the Statement of Applicability. You can see a free version of this document here by clicking on the "Free Demo" tab: https://advisera.com/27001academy/documentation/statement-of-applicability/

Regarding the plan to achieve the objectives, you need the Risk Treatment Plan. You can also see a free version of this document here by clicking on the "Free Demo" tab: https://advisera.com/27001academy/documentation/risk-treatment-plan/

Finally, I think that this article can be very useful for you: "ISO 27001 control objectives - Why are they important?": https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
