Information Security Program
Answer:
An Information Security Program is a collection of the controls that an organization needs to have in place to protect information and keep information security risks at acceptable levels.
Considering that, to create an ISP you should use the templates related to Risk Management, to identify the risks and proper treatments, and use the Statement of Applicability to present the applicable controls and how they will be implemented.
You must note that this will be only part of the ISMS, and that you should consider implementing all other documents to ensure the controls you decided to implement will be monitored periodically and improved or adjusted as needed.
This material will provide you with more information:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
Aug 19, 2018