Search in ISMS Guides


Sunday, July 29, 2007

0.7 Critical success factors

Experience has shown that the following factors are often critical to the successful implementation of
information security within an organization:
a) information security policy, objectives, and activities that reflect business objectives;
b) an approach and framework to implementing, maintaining, monitoring, and improving
information security that is consistent with the organizational culture;
c) visible support and commitment from all levels of management;
d) a good understanding of the information security requirements, risk assessment, and risk
e) effective marketing of information security to all managers, employees, and other parties to
achieve awareness;
f) distribution of guidance on information security policy and standards to all managers,
employees and other parties;
g) provision to fund information security management activities;
h) providing appropriate awareness, training, and education;
i) establishing an effective information security incident management process;
j) implementation of a measurement 1 system that is used to evaluate performance in
information security management and feedback suggestions for improvement.

No comments: