A.6 Organization of information security
In this lesson we will cover an understanding of control set A.6
and look at some of the documentation that could be used to support your ISMS.
This control area is one that can assist in ensuring that there are structures in place to appropriately manage and support your information security program.
Your audit, specifically your ISMS certification audit,
will depend on which controls you have marked as applicable in your Statement of Applicability.
There are two control sets,
the first one being A.6.1 Internal organization.
This consists of five controls.
A.6.1.1 Information security roles and responsibilities.
This control basically stipulates
that your information security roles
are formally defined
and have explicit responsibilities defined
and allocated to personnel.
A.6.1.2 Segregation of duties
stipulates that there is appropriate segregation of duties between conflicting or sensitive roles within your organization.
A.6.1.3 Contact with authorities.
This control stipulates that, where appropriate,
sufficient contact is maintained with authorities,
forensic investigation units,
or whoever needs to support you from an authoritative point of view
during a cyber security incident.
A.6.1.4 Contact with special interest groups.
This control pertains to maintaining
contact with groups, forums or other forms of information gathering specific to your industry and cybersecurity as a whole.
It is a way to use specialized information sources to ensure that you are on top of your information security game.
A.6.1.5 Information security in project management.
This control stipulates
that, regardless of the project type,
information security should be included in the project management process.
Different projects work with different types of information
and many stakeholders, so it is important that information security is appropriately included in your project management processes.
The second control set is A.6.2,
which relates to mobile devices and teleworking.
This consists of two controls,
the first one being A.6.2.1
Mobile device policy,
which is in essence a policy that stipulates how your organization manages mobile devices,
whether you have a company-owned device policy or a bring-your-own-device policy,
whatever the case is.
A.6.2.2 pertains to teleworking.
This control stipulates that if your company permits teleworking,
the relevant policy and any supporting procedures and guidelines must be established
to ensure that teleworking is performed in a secure manner.
So, your information security roles and responsibilities are normally documented in your job descriptions,
vacancy notices, various policies and contracts of employment.
You can also define roles and responsibilities in a RACI matrix.
For your contact with authorities and contact with special interest groups,
have a formal document containing contact details,
business cards, membership certificates,
diaries of meetings and so on. This can provide evidence of your professional contacts.
In this video, we covered the two control areas that make up control set A.6.