An Information Security Policy is a crucial component of your organisation's governance structure as it sets executive management requirements for Information Security. Your organisational 'policy cascade' shows how policies, standards, procedures and guidelines can be structured to fit in with each other and the organisation's corporate objectives.
Vectra Corporation can assist you with your Information Security Policy and policy cascade by performing a Policy Review. The review is tailored to your needs and can include not just your Information Security Policy but also related policies, procedures, guidelines, standards and directives.
Vectra uses a number of standards, policies and guidelines as a basis for policy review, including:
Information Security Management Standards (ISO 27001, AS/NZS 7799)
Corporate Governance of Information and Communication Technology Standard (AS 8015)
Sarbanes-Oxley Act
Control Objectives for Information Technology (COBIT)
Security Guidelines for Australian Government Information Technology Systems (ACSI33)
Information Technology Infrastructure Library (ITIL) Framework
COSO (Committee of Sponsoring Organisations) Framework
Accepted 'best practices'.
Vectra's Information Security team has extensive experience in the area of policy review. These security experts also hold a variety of relevant qualifications including CISA, CISSP, CISM, and 7799 Lead Auditor.