• Lack of Documentation
• Failure to Define Specific Roles and Responsibilities in Information Security
• Difficulties in Conducting Regular Management Reviews and Implementing Suggestions
• Lack of a Comprehensive ISMS Project Plan
• ISMS regarded as a one-off project, rather than a continuous one
• Failure to Obtain Enough Support from Top Management
• Difficulties in Conducting Internal Audit
• Difficulties in Writing Proper Security Policies, Procedures & Guidelines
[Diagram: Determine scope of the Information Security Program; Secure Management Commitment; Create information security organization; Identify security domains; Assess risk; Mitigate risk; Audit]
– By audience
• Strategic: liability
• Tactical: vulnerability
• Operational: gap
– By environment
• Raw
• Residual
• Accepted
– Technical
• Devices
• Configurations
– Procedural
• Standard operating procedures (SOPs)
– Temporal
• Domain schedules
– Tasking
• Individually assigned responsibilities
[Diagram labels: Incorporate Information Security; Info Security; Functional Roles; Activity matrix; Processes; Security; Output]
800.841.9329 x1
info@orangeparachute.com
www.orangeparachute.com