Information Security Objectives and Planning to Achieve Them Part 2

Video Activity
Start your free 3-day trial and become one of the 3 million Cybersecurity professionals advancing their career goals
Sign up with
OR

Already have an account? Sign In »

Time
7 hours 56 minutes
Difficulty
Intermediate
CEU/CPE
8
Video Transcription
00:01
listen four point in
00:03
information, security objectives and planning to achieve it.
00:10
In this video, we will cover
00:13
understanding the I. So 27,001 Close 6.2
00:18
Understanding what makes up a good objective
00:21
as well as the required documentation.
00:28
The I. So 27,000 and one close 6.2 somewhat vaguely calls for the organization to establish information security objectives and plans to achieve them. A drill, a vint functions and levels
00:41
I. So 27,000 and three is a great guidance document on the standard, which gives a bit more detail as to what the clause stipulations actually want to feel free to reference that during your implementation and maintenance processes.
01:00
So the information security objectives that your organization defines must be aligned to the stipulations in the eye. So 27,001 standard
01:10
these stipulations are
01:11
your objectives must be consistent with your information security policy.
01:17
They must be measurable.
01:19
There must be linked to your risk assessments and information security requirements.
01:23
They must be communicated to relevant parties
01:26
and there must be updated when required.
01:30
What these information security objectives, essentially all
01:34
its objectives and actions for the various departments within your organization to work towards achieving
01:41
and monitor the progress of doing so.
01:44
These objectives must obviously support the enforcement off confidentiality, integrity and the availability of information within your organization,
01:53
especially the information that falls directly within the scope of the ice mess.
01:59
Your business objectives, conservative base and your information security objectives could be there to support those business objectives.
02:07
Your information security policy
02:09
would have strategic information security objectives,
02:14
such as ensuring systems are kept operational and available to those that need it with minimal downtime.
02:21
As one of the key components for objective is measure ability
02:24
to make this actionable, it would be tailored to something more like
02:29
systems must be available for 95% of the time,
02:32
with any downtime being restored within a five hour window.
02:38
This can then be assigned to the relevant I T team and monitored on a monthly basis for compliance.
02:45
The subjective helps to satisfy and availability requirement off the organization
02:53
just to repeat that
02:55
a strategic information security objective
02:59
could be in sharing systems are kept operational and available to those that needed with minimal downtime
03:07
because an information security objective
03:10
as per the standard must be measurable.
03:14
They support an actionable objective to support the strategic objective.
03:19
Would be
03:20
systems must be available for 95% of the time,
03:24
with any downtime being restored within a five hour window.
03:30
That's measurable.
Up Next
ISO 27001:2013 - Information Security Management Systems

The ISO 27001:2013 - Information Security Management Systems course provides students with insights into the detail and practical understandings meant by the various clauses in the ISO 27001 Standard.

Instructed By