CHAPTER 5: BASELINE SECURITY CRITERIA

Step five is a straightforward one; it looks at the information security controls that you already have in place, assesses them for adequacy and incorporates them into your ISMS.

As I’ve said earlier, most organisations will have made a number of decisions about risks before even starting the ISO 27001 project (they have, after all, been in business for a time, dealing with threats and vulnerabilities for real) and will also have implemented a number of controls in order to comply with statutory, regulatory or contractual requirements. The organisation has to decide how it incorporates these existing controls into its ISMS and its risk assessment methodology.

The requirement is to implement controls that ...

Get Nine Steps to Success: An ISO27001:2013 implementation overview now with the O’Reilly learning platform.