Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate from it, part of some compliance or risk department, etc. But, before we determine who should be handling information security and from which organizational unit, let’s see first the conceptual ...
The post Where does information security fit into a company? appeared first on 27001Academy.
Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate from it, part of some compliance or risk department, etc. But, before we determine who should be handling information security and from which organizational unit, let’s see first the conceptual ...
The post Where does information security fit into a company? appeared first on 27001Academy.
Information security professionals who are new in ISO 27001 very often tend to think this standard requires a very centralized and very detailed definition of roles and responsibilities. Actually, this is not true. Please don’t get me wrong: assigning and communicating roles and responsibilities is important, because that is how all employees in ...
The post How to document roles and responsibilities according to ISO 27001 appeared first on 27001Academy.
Information security professionals who are new in ISO 27001 very often tend to think this standard requires a very centralized and very detailed definition of roles and responsibilities. Actually, this is not true. Please don’t get me wrong: assigning and communicating roles and responsibilities is important, because that is how all employees in ...
The post How to document roles and responsibilities according to ISO 27001 appeared first on 27001Academy.