Security Policies

The ISO 27002 & ISO 27001 Directory

Information Security Policies

A stated objective of ISO 27002 is "To provide management direction and support for information security in accordance with business requirements and relevant laws and regulations. Management should set a clear direction in line with business objectives and demonstrate support for, and commitment to IS with the issue and maintenance of an information security policy across the organization".  

This is very clear, and possibly raises many questions: Do you have a comprehensive set of information security policies? Are they aligned with ISO 27002? Are they up to date in their coverage?

It is important that these matters are confronted early and directly. As this portal evolves, we will identify key resources and templates which will assist. 

Note that the ISO 27002 Toolkit (see left-hand panel) contains a fully aligned set of policies.

A couple of definitions from Wikipedia:

    "A computer security policy defines the goals and elements of an organization's computer systems."

    "A network security policy is a generic document that outlines rules for computer network access, determines how policies are enforced and lays out some of the basic architecture of the network security environment"

 

 

 
