We are sometimes asked which factors are most important for the successful implementation of information security.
ISO 17799 itself states these as:

- Security policy, objectives and activities that properly reflect business objectives
- Clear management commitment and support
- Proper distribution and guidance on security policy to all employees and contractors
- Effective 'marketing' of security to employees (including managers)
- Provision of adequate education and training
- A sound understanding of security risk analysis, risk management and security requirements
- An approach to security implementation which is consistent with the organization's own culture
- A balanced and comprehensive measurement system to evaluate performance in IS management and feedback suggestions for improvement