That largely depends upon the individual organization. However, ISO27002 does give some guidance, in the form of 'legislative essentials' and 'common best practice' under the IS "starting point" section. These are:
- intellectual property rights
- safeguarding of organizational records
- data protection and privacy of personal information
- information security policy document
- allocation of information security responsibilities
- information security education and training
- reporting security incidents