- Effective information security needs to be part of the culture of the organisation, sponsored and supported by the senior management team, who need to lead by example in supporting the information security policies and the information security management system (ISMS).
- Effective information security needs to be an enabler of the organisation's goals and also enable employees to go about their tasks with little or no hindrance.
- Effective information security will be an evolving process that takes into account changes in the environment. It needs to be constantly aligned with the organisation's aims and goals, adapt to changes in the organisation, reflect changes in the value of the information it is protecting, and take into account changes in technology.
- Effective information security will be cost effective and provide a return on investment; it can be a cost saver by reducing the impact of incidents and disasters and by reducing the likelihood of the organisation failing to meet legal, regulatory and compliance requirements.
- Plan
- Do
- Check
- Act
For an ISMS to be effective and enable the organisation to achieve its goals and aims, the operation of the organisation must be fully understood by those in Information Security. Professionalism requires that, for us to put in place an effective ISMS, we understand what we are trying to achieve, which is not only the protection of the organisation's assets but also enabling the organisation to be successful and achieve its goals and aims.