An Introduction To
Objective: To manage information security within the organisation.
A management framework should be established to initiate and control the implementation of information security within the organisation.
Management commitment to information security
Management should actively support security within the organisation through clear direction, demonstrated commitment, explicit assignment and acknowledgement of information security responsibilities.
Information security co-ordination
In a large organisation it might be necessary to co-ordinate information security measures through a cross-functional forum.
Allocation of information security responsibilities
Responsibilities for the protection of individual assets and for carrying out specific security processes should be explicitly defined.
Authorisation process for information processing facilities
Installation of information processing facilities should be technically approved and authorised.
Specialist information security advice
Specialist advice on information security may be required.
Users of organisational IT facilities and organisational information should sign a confidentiality undertaking, either as part of their employment contract or as a separate agreement, before accessing information processing systems.
Contact with authorities
Contacts with relevant authorities should be maintained in order to co-operate in combating general security threats.
Contact with special interest groups
Contacts with security specialists and special interest groups should be maintained in order to co-operate in combating general security threats.
Independent review of information security
Implementation of information security should be independently reviewed.
The Security Practitioner
An Introduction to Information Security