Post by SecurityPlus on Sept 23, 2015 14:32:23 GMT
5. Document, Publish and Refine your Processes
If you ask security departments if they have well-defined processes for information security they will usually say “Yes.” If you ask them to show you their processes, you will usually find that the “Yes” was somewhat overstated. Unless processes are clearly and unambiguously documented for key business activity, people will always make assumptions and decisions on their own. Much work has been undertaken in other areas of IT in Business Process Management (BPM). Notation standards, process effectiveness measurement techniques and standard executable formats are in widespread use, yet the information security industry has been slow to adopt and adapt.
Organizations should document and publish their information security processes, ideally visually with simple-to-follow flowcharts. Processes should define roles and responsibilities, activities and, where appropriate, service level agreements (SLAs). By observing and measuring ongoing business activity against these processes, organizations can optimize and refine them to improve performance and reduce cost.
-----------------------------
This is the main content. Please refer to the original content.
Please comment on modifications to the subject, this content and
additional content.
1. Category needs to be deleted.
2. Revise Content: If the content needs to be revised, please kindly
inform us of your opinion in detail.
3. New Proposals