Chapter 5: Baseline Security Criteria

Step five is a straightforward one. It looks at the information security controls you already have in place, assesses them for adequacy, and incorporates them into your ISMS.

As I said earlier, most organizations will make a number of decisions about risks before even starting the ISO 27001 project (after all, they have been in business for a time, dealing with threats and vulnerabilities for real). They also will have implemented a number of controls in order to comply with statutory, regulatory, or contractual requirements. The organization must decide how it incorporates these existing controls into its ISMS and its risk assessment methodology.

The necessity is to implement controls appropriate for the ...

Get Nine Steps to Success: North American edition - An ISO 27001 Implementation Overview now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Nine Steps to Success: North American edition - An ISO 27001 Implementation Overview by Alan Calder

CHAPTER 5: BASELINE SECURITY CRITERIA

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly