CHAPTER 3: STEP 3 – REVIEW THE INFORMATION SECURITY POLICY

As previously stated, there are six high-level and twelve sub-level objectives, and ironically, the final objective is the starting point of our compliance programme. Before engaging in the gap analysis and risk analysis process, it is important to understand what is contained and implied within the existing information security (IS) policy and what is required from the supporting policies and procedures, e.g. the anti-virus policy, user acceptance policy, HR vetting process and change management procedure.

This short but highly significant policy and its family set should be comprehensive and succinct as it will help you build the foundation for a comprehensive and effective information security ...

Get PCI DSS: A Practical Guide to implementing and maintaining compliance, Third Edition now with the O’Reilly learning platform.
