The paper discusses the importance of information security policies within an information security management system (ISMS), including the benefits of using Information Shield publications in obtaining certification against the new ISO 27001 standard. Information Security Policies and ISO 27001 certification
Tag Archives: ISO 27002 Compliance
Part 3. Defined Management Structure To help keep information security policies readable and manageable, it is important to keep the information “level” consistent among the various document types. In other words, it is not advisable to mix policies, procedures, standards and guidelines into your policy documents. An effective approach is to create a policy governance […]
Some organizations still receive little management support or funding for a sound information security policy program. Within the last several years, however, numerous federal, state and international regulations have been passed that require the protection of information. Many organizations are now enhancing their information security policies in response to legal and regulatory requirements. In some […]
Many organizations just getting started with information security policies ask us the question: Should we use ISO 17799 (now ISO 27002) or COBIT? The answer, of course, is that it depends on what you are trying to accomplish. In fact, they are not mutually exclusive, but can be used together. The basic difference between COBIT […]
- 1
- 2