objectives in the policy document
Information security objectives should be no different from the ISMS objectives; however, you could have different interpretations of these terms:
1) "information security objectives" could be interpreted as a generic term for any kind of objectives related to information security, whereas
2) "ISMS objectives" could be interpreted as top-level information security objectives for your overall ISMS - usually, these are the ones set in the top-level Information Security Policy
This means you could also have lower-level information security objectives for your processes, controls, departments, etc.
This article can also help you: ISO 27001 control objectives: Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
Dejan,
thanks for your response. To put it simply, isn't one of the key objectives of the ISMS to ensure the InfoSec objectives are reached? In my understanding these two terms differ, and therefore the objectives differ. What do you think?
Regards,
Vahagn
The purpose of the Information Security Management System is to achieve information security by protecting the confidentiality, integrity and availability of information. Therefore, ISMS and information security are not two different things: ISMS explains how you manage your information security - this is why in practice there is no difference.
For example, you could have this objective: decrease the number of incidents by 20% in the year 2015. But how would you distinguish whether this is an ISMS objective or an information security objective?
Jan 12, 2016