Guest
Information Security Plan
I need guidance on the preparation of the Information Security Plan. It would basically be what is an Information Security Plan and what is its structure.
Expert
Rhand Leal
Feb 25, 2023
In the context of ISO 27001, the “Information Security Plan” is the Risk Treatment Plan, where you define all actions necessary to treat the relevant risks.
Before developing the Risk Treatment Plan, you need to take several steps. For detailed information, see:
- ISO 27001 implementation steps https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
To develop the Risk Treatment Plan itself you should consider these steps:
- definition of security controls to be implemented
- who is responsible for implementing them
- what are the deadlines for the implementation
- which resources are needed (i.e. financial and human)
- how the results will be evaluated
This article will provide you with further explanation about implementing the Risk Treatment Plan:
- Risk treatment https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment
These materials will also help you:
- Preparations for the ISO Implementation Project: A Plain English Guide https://advisera.com/books/preparations-for-the-iso-implementation-project-a-plain-english-guide/
- ISO 27001 Free online training ISO 27001 Foundations Course http://advisera.com/training/iso-27001-foundations-course/