Welcome to the eighth issue of The ISO27000 Newsletter, designed to keep you abreast of news and developments with respect to ISO17799 and information security.
The information contained in this newsletter is absolutely free to our subscribers and provides guidance on various practical issues, plus commentary on recent Information Security incidents. In view of recent events, this issue focuses particularly upon business continuity and disaster recovery.
Included in this issue are the following topics:
CSFs: ISO17799 CRITICAL SUCCESS FACTORS
We are sometimes asked which factors are most important for the successful implementation of information security. ISO 17799 itself states these as:
- security policy, objectives and activities that properly reflect business objectives
- clear management commitment and support
- proper distribution and guidance on security policy to all employees and contractors
- effective 'marketing' of security to employees (including managers)
- provision of adequate education and training
- a sound understanding of security risk analysis, risk management and security requirements
- an approach to security implementation which is consistent with the organization's own culture
- a balanced and comprehensive measurement system to evaluate performance in IS management and feedback suggestions for improvement