ISO 27001 Control A.5

A.5 Security Policies
A.5.1 Information Security Policy
Objective: To provide management direction and support for information security in accordance with business requirements and relevant laws and regulations.
A.5.1.1 Information Security Policy Document
A set of policies must be defined, approved by management, published and communicated to employees and relevant external parties. The policies must be driven by business needs and by the regulations and legislation that apply to the organisation. These policies need…

What is ISO 27001:2013?

ISO 27001 is the international standard which is recognised globally for managing risks to the security of information you hold. Certification to ISO 27001 allows you to prove to your clients and other stakeholders that you are managing the security of your information. ISO 27001:2013 (the current version of ISO 27001) provides a set of standardised requirements for an Information Security Management System (ISMS). The standard adopts a process based…

Requirement of GRC

The news headlines continue to report on fines imposed by regulators, a myriad of corporate bribery and fraud, and the challenges of driving business growth. This trend only serves to highlight that despite recent investment in compliance, internal audit, risk management, and corporate governance disciplines, significant assurance gaps exist in most corporations. While isolated incidents of one-time governance failures are bound to occur, long-term systemic failures are more than just…

Enterprise Risk Management

Risk Management (VRM) allows organizations to proactively manage IT security risks by combining asset business context, actionable threat intelligence, vulnerability assessment results, and comprehensive workflows:
– More secure organization through proactive management of IT security risks
– Accurate identification and prioritization of vulnerability issues
– Link audit procedures and results to enterprise risks and controls
– Assign, measure, and report on vulnerability program KPIs

Why asset important for information security management

Asset management There is a lot to know about asset management, because it has become a necessity for businesses across all verticals. Let's first understand what an asset is: anything that has value to the organization is an asset. The next question is who should be the asset owner. The asset owner is normally the person who operates the asset and makes sure that information…