An Introduction To
Information, Network and Internet Security


Internal organisation

Objective: To manage information security within the organisation.

A management framework should be established to initiate and control the implementation of information security within the organisation.

Management commitment to information security

Management should actively support security within the organisation through clear direction, demonstrated commitment, and explicit assignment and acknowledgement of information security responsibilities.

Information security co-ordination

In a large organisation it might be necessary to co-ordinate information security measures through a cross-functional forum.

Allocation of information security responsibilities 

Responsibilities for the protection of individual assets and for carrying out specific security processes should be explicitly defined.

Authorisation process for information processing facilities

Installation of information processing facilities should be technically approved and authorised.

Specialist information security advice

Specialist advice on information security may be required.

Confidentiality agreement

Users of organisational IT facilities and organisational information should sign a confidentiality undertaking, either as part of their employment contract or as a separate agreement, before being given access to information processing systems.

Contact with authorities

Contacts with relevant authorities should be maintained in order to co-operate in combating general security threats.

Contact with special interest groups

Contacts with security specialists and special interest groups should be maintained in order to co-operate in combating general security threats.

Independent review of information security

Implementation of information security should be independently reviewed.



The Security Practitioner

An Introduction to Information Security