Security levels to have in the company
What are the security levels to have in the company, such as initial, medium, and advanced? We are implementing information security in the company, and I need to know and understand how the security levels work and what I need to have to reach each level. Can you help me with information?
First, it is important to note that ISO 27001 does not prescribe levels of security, only that the information is adequately protected.
In this context, what generally occurs is the definition of information classification levels (e.g., public, restricted, and confidential), which require an increasing order of resources as the classification of information increases. The specific resources to be used will depend on the outcome of the risk assessment and applicable legal requirements.
For more information, see:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
As you mentioned initial, medium and advanced levels, I understand that it is also worth mentioning process maturity, which is also not required by the standard, but which can help in the implementation of the information security management system.
For more information, see:
- Achieving continual improvement through the use of maturity models https://advisera.com/27001academy/blog/2015/04/13/achieving-continual-improvement-through-the-use-of-maturity-models/
Jun 30, 2020