Difference between revisions of "ISO"

From Cetbix Documentation
(Created page with "===How/Where do I start?=== <!--T:2--> <!--T:3--> Management: ISO defines Top Management as: Person or group of people, who directs and controls an organisation at the highes...")
 
(Blanked the page)
Tag: Blanking
 
(10 intermediate revisions by the same user not shown)
===How/Where do I start?=== <!--T:2-->
 
  
<!--T:3-->
 
Management: ISO defines Top Management as a person or group of people who directs and controls an organisation at the highest level. Note:
 
 
    top management has the power to delegate authority and provide resources within the organisation
 
    if the scope of the management system covers only part of an organisation, then top management refers to those who direct and control that part of the organisation
 
 
    Top management must demonstrate its commitment and determination to implement an ISO 27001 Information Security Management System in your organisation. Without top management commitment, no information security initiative can succeed.
 
 
    To provide evidence of commitment to the development and implementation of an ISMS and continually improve its effectiveness, top management should:
 
    make clear to the organisation the importance of meeting customer, statutory and regulatory requirements,
 
    define the organisation's information security policy and make this known to every member of staff
 
    ensure that information security objectives are established at all levels and for all functions
 
    ensure the availability of those resources required for the development and implementation of the ISMS
 
    lead the required management review meetings
 
    encourage the involvement of all staff
 
    identify and communicate the key objectives to be achieved through the ISMS, such as:
 
        keeping confidential information secure
 
        providing customers and stakeholders with confidence in how we manage risk
 
        allowing the secure exchange of information
 
        ensuring that legal obligations are met
 
        providing a competitive advantage
 
        better managing and minimising risk exposure
 
        raising awareness of security issues
 
 
===Why is there no score or graph?=== <!--T:4-->
 
 
<!--T:5-->
 
The Cetbix ISMS concept is that risk is zero when there are no threats or vulnerabilities, so in that case nothing is shown on the graph.
 

Latest revision as of 06:00, 10 December 2021