ISO

How/Where do I start?

Management: ISO defines Top Management as: Person or group of people, who directs and controls an organisation at the highest level. Note:

   top management has the power to delegate authority and provide resources within the organisation
   if the scope of the management system covers only part of an organisation, then top management refers to those who direct and control that part of the organisation

   Top management must demonstrate its commitment and determination to implement an ISO 27001 Information Security Management System in your organisation. Without top management commitment, no information security initiative can succeed.

   To provide evidence of commitment to the development and implementation of an ISMS and continually improve its effectiveness, top management should:
   make clear to the organisation the importance of meeting customer, statutory and regulatory requirements,
   define the organisation's information security policy and making this known to every member of staff
   ensure that information security objectives are established at all levels and for all functions
   ensure the availability of those resources required for the development and implementation of the ISMS
   lead the required management review meetings
   encourage the involvement of all staff
   identify and communicate the key objectives to be achieved through the ISMS, such as:
       keeping confidential information secure
       providing customers and stakeholders with confidence in how we manage risk
       allowing the secure exchange of information
       ensuring that legal obligations are met
       providing a competitive advantage
       better managing and minimising risk exposure
       raising awareness of security issues 

Why is there no score or graph?

The Cetbix ISMS concept is that risk is zero if there are no threats or vulnerabilities, which means that nothing is shown on the graph.