IT Examiner School - Oct 2023

Information Security Program Framework

• Provides the means for achieving strategy
• Policies/Standards/Procedures/Guidelines
• Controls & Control Objectives
• Roles and Responsibilities
• 3rd Party Governance
• Monitoring/Reporting/Oversight
• Auditing/Assurance


Information Security Policy

• Security policy
• Includes statements of rules or standards.
• Policies do not change.
• Supports mission statement
• Establish roles & responsibilities “Authority”
• Approval from highest level of management (BoD)
• Outline consequences of non-compliance
• Must result in a positive cost benefit!

Security Policy
