Ready-to-use, prioritized Information Security Management requirements, to:
Be certain that your company establishes architecture oversight and planning for information and network security technologies; leads development of an information security risk management program that includes business, regulatory, industry practices and technical environment considerations; establishes strategic vendor relationships for security products and services; develops enterprise-wide security incident response plans and strategies that include integration with business, compliance, privacy, and legal constituents and requirements; provides advanced level engineering design functions; provides trouble resolution and serves as point of technical escalation on complex problems.
- Does your organization have an information security policy and procedural plan (including protective control of data, secure ICT access and documented procedures)?
- Does your organization have procedures for information security incident management that include detection, resolution and recovery?
- Does your organization have an information security implementation strategy, based on the risk analysis results, whose implementation is undertaken as part of your organization's work plan?
- Does your organization have formal contractual arrangements with all contractors and support organizations that include the responsibilities in respect of information security and confidentiality?
- Does your organization have a policy that details specific employee and contractor responsibilities for information security before granting access to sensitive assets?
- Does your organization have an individual who is accountable for information security and who defines security processes, risk management processes and enforcement vehicles for your organization?
- What certification requirements does the audit organization provide to ensure that the enterprise complies with the ISO/IEC 27001 Information Security Management Framework?
- Does your organization have a strategy for the use of information security technologies that are implemented and updated according to the needs and changes in the risk profile?
- Do you have the right policies and procedures to ensure your data use and information security practices are up to date and allow you to take appropriate enforcement actions when you need to?
- Does your organization have a policy for all employees and contractors to report violations of information security policies and procedures without fear of recrimination?