Post by SecurityPlus on Sept 23, 2015 14:28:22 GMT
3. Use, Adopt and Align to Industry Standards
Security programs should adopt established information security management standards like the ISO/IEC 27000 series and embrace IT standards such as COBIT (Control Objectives for Information Technology - www.isaca.org/), PAS77:2006 - www.bsi-global.com, NIST 800-34 - www.nist.gov and ITIL (Information Technology Infrastructure Library - www.itil.co.uk/; www.itsmf.com/index.asp). These, of course, should be tailored to meet the optimal needs of the business. While neither perfect nor a panacea, the ISO 17799/ISO 27001 standard is reasonably widely adopted and well respected. The standard defines components of an information security management program and its associated processes. Its adoption enables companies to leverage existing work in the public domain, and to interoperate with other businesses more effectively and efficiently.

-----------------------------

This is the main content. Please refer to the original contents. Please comment regarding modifications of the subject, this content and additional content.

1. Category needs to be deleted.
2. Revise Content: If the contents need to be revised, please kindly inform us of your opinion in detail.
3. New Proposals