Appendix A

Baseline Controls for Information Security Mapped to ISO

Tables A.1 through A.10 list 20 baseline controls for each of 10 vital areas of information security, mapped to ISO:

Table A.1

Baseline Controls for Personnel Security

Description | ISO 17799:2005

Personnel Policies and Practices

1. Overall, management policies and practices demonstrate a genuine concern for personnel welfare, professional development, security, and safety (ISO 17799 3.1). | 5.1

2. “Adherence to security policies and procedures” is a measured line item in annual individual personnel reviews (ISO 17799 6.1). | 8.1

3. Salaries and fringe benefits are kept competitive with those of other companies in the area and the industry. |

4. All newly hired network and system users are given ...
