Guest
Information security policy review
How do information security incidents impact information security policy (approved by Top Management)?
Expert
Rhand Leal
Dec 28, 2022
Depending upon the quantity and severity of information security incidents, you should review some elements of the Information Security Policy, such as:
- risk management: are the process steps and acceptance criteria properly defined?
- responsibilities: responsibilities for implementation and maintenance are properly assigned
- support: all required resources to implement and improve information security are available
Please note that in most cases the information security incidents will point to minor adjustments in specific controls or processes.
For further information, see:
- What is the ISO 27001 Information Security Policy, and how can you write it yourself? https://advisera.com/27001academy/blog/2016/05/30/what-should-you-write-in-your-information-security-policy-according-to-iso-27001/