
Gap Analysis ◾ 109
Table 5.7 Gap Analysis Example 3
5 – Security policy
5.1 – Information security policy
To provide management direction and support for information security in accordance with business requirements and relevant
laws and regulations. Management should set a clear policy direction in line with business objectives and demonstrate
support for, and commitment to, information security through the issue and maintenance of an information security policy
across the organization.
Class | Control | Description | PCI DSS | Big Company
5.1.1 Information security policy document
An information security policy document should be approved by ...