Let’s call this approach a posteriori – because we are assessing the already implemented security strategy.

Assessment of the organization’s readiness for the information security management process – relating the security policies and technologies to the individual control points in Annex A.

Designing the company’s security strategy – by selecting those control points that apply to your organization.

The best way to understand Annex A is to think of it as a directory of information security controls from which you can choose – from the 114 control points listed under the 14 domains in the Annex.

This article provides an understanding of the structure of Annex A and its relationship to the main part of ISO 27001 and ISO 27002.

Annex A to ISO 27001 is probably the most famous of all ISO standards – it provides a basic information security risk management tool: a list of security checkpoints (or safeguards) to be applied to improve the security of information assets.