Information Security Policy Development for Compliance

by Barry L. Williams
April 2016
Content level: Intermediate to advanced
152 pages
4h 9m
English
Auerbach Publications
Content preview from Information Security Policy Development for Compliance
Appendix E: Agreed-UponProcedures
(AUPs) V5.0
A. Risk Ma nagement
A.1
A for
mal risk governance program is implemented.
A.2 A formal risk governance program is aligned with the busi-
ness environment.
B. Information Security Policy
B.1
An i
nformation security policy is maintained that includes
the key relevant domains of security.
B.2
An o
rganization should review the information security
policy at planned intervals, at least annually (or if signicant
changes occur), to ensure its continuing suitability, adequacy,
and eectiveness.
B.3
Emp
loyees signify their acceptance of the company’s accept-
able use policy at least annually.
C.
Org
anization
 of In
formation
 Se
curity
C.1 An organization should communicate, get acknowledgment
from, and per ...

Publisher Resources

ISBN: 9781466580589