The administrative structure of the organization and its relationships with external parties must promote effective management of all aspects of information security for an ASP.NET software company in India. This A6 policy covers maintaining the security of the organization's information processing facilities, its information, and any facilities or information that are managed, communicated to, accessed or processed by external parties. The policy is divided into the following two main sections:
- Internal Organization
- Mobile Devices and Teleworking
Internal Organization
A structured management framework controls, monitors and directs the implementation of information security as a whole within any Organization.
Organization Structure
NOTE: This is a generic structure chart (organogram). Replace it with one describing a particular organization’s actual management structure for information security.
The text below outlines a generic information security management structure based on ISO 27001, but it should be customized to suit a particular organization’s specific management roles, responsibilities and hierarchies.
Management commitment
Management at every level should actively support security for an ASP.NET software company in India within the organization, with demonstrated commitment, clear direction and explicit acknowledgement of information security responsibilities. The following points could be included:
- Visible support and clear direction for information security initiatives, including providing appropriate resources for information security controls
- Assurance of the formulation, review and approval of an appropriate organization-wide information security policy
- Coordination of information security efforts across the organization, including committee(s) and designation of information security officer(s)
- Appropriate management controls over new information capabilities, systems and facilities, including the planning for the facilities
- Regular reviews of the effectiveness of the information security policy, including updating the policy as needed and external review as appropriate