Understanding the organization and its context


Required activity

The organization determines the external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of the information security management system (ISMS).
Explanation
As an integral function of the ISMS, the organization continually analyses itself and the world surrounding it. This analysis is concerned with external and internal issues that in some way affect information security and how information security can be managed, and which are relevant to the organization’s objectives.
Analysis of those issues has three purposes:
— Understanding the context in order to decide the scope of the ISMS;
— Analyzing the context in order to determine risks and opportunities;
— Ensuring that the ISMS is adapted to changing external and internal issues.
External issues are those outside of the organization’s control. This is often referred to as the organization’s environment.
Analyzing this environment can include the following aspects:
a) Social and cultural;
b) Political, legal, normative and regulatory;
c) Financial and macroeconomic;
d) Technological;
e) Natural;
f) Competitive.
These aspects of the organization’s environment continually present issues that affect information security and how information security can be managed. The relevant external issues depend on the organization’s specific priorities and situation.
For example, external issues for a particular organization can include:
a) The legal implications of using an outsourced IT service (legal aspect);
b) Characteristics of nature in terms of the possibility of disasters such as fire, flood and earthquakes (natural aspect);
c) Technical advances of hacking tools and use of cryptography (technological aspect); and
d) The general demand for the organization’s services (social, cultural or financial aspects).
Internal issues are subject to the organization’s control.
Analyzing the internal issues can include the following aspects:
a) The organization’s culture;
b) Policies, objectives, and the strategies to achieve them;
c) Governance, organizational structure, roles and responsibilities;
d) Standards, guidelines and models adopted by the organization;
e) Contractual relationships that can directly affect the organization’s processes included within the scope of the ISMS;
f) Processes and procedures;
g) The capabilities, in terms of resources and knowledge (e.g. capital, time, persons, processes, systems and technologies);
h) Physical infrastructure and environment;
i) Information systems, information flows and decision-making processes (both formal and informal);
j) Previous audits and former risk assessment results.
-----------------------------------------------------------------------------------------------------------------
This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
Contact us – www.info-savvy.com