CHAPTER 7: IMPLEMENTATION
The seventh of the nine steps deals primarily with the implementation of the Risk Treatment Plan – putting in place the selected information security controls. The technical aspects of control implementation – re-configuring firewalls, implementing boot-level encryption on laptops, segregating networks, meeting DPA or PCI compliance requirements, and so on – all depend in the first instance on the competence of those charged with the implementation.
The focal points of this step, therefore, are the competence of those in the information security team, as well as of others across the organisation who will be responsible for documenting processes, for communication about changed processes and controls across the organisation, ...
Get Nine Steps to Success: An ISO27001:2013 implementation overview now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.