CHAPTER 15: CHECK AND ACT

Clause 4.2.3 of the standard is all about monitoring and review. It contains the requirement for management to be actively involved in the long-term management of the ISMS while recognising the reality that the information security threat environment changes even more quickly than the business environment. This clause deals, broadly, with three types of activity: monitoring, auditing and reviewing.

Monitoring

The purpose of monitoring activity is primarily to detect processing errors and information security events quickly so that immediate corrective action can be taken. Monitoring should be formal, systematic and widespread. Security category A.10.10 (monitoring) contains controls that are specifically related to monitoring ...