Experience has shown that the following factors are often critical to the successful implementation of
information security within an organization:
a) information security policy, objectives, and activities that reflect business objectives;
b) an approach and framework to implementing, maintaining, monitoring, and improving
information security that is consistent with the organizational culture;
c) visible support and commitment from all levels of management;
d) a good understanding of the information security requirements, risk assessment, and risk
management;
e) effective marketing of information security to all managers, employees, and other parties to
achieve awareness;
f) distribution of guidance on information security policy and standards to all managers,
employees and other parties;
g) provision to fund information security management activities;
h) providing appropriate awareness, training, and education;
i) establishing an effective information security incident management process;
j) implementation of a measurement system that is used to evaluate performance in
information security management and feedback suggestions for improvement.