Understanding compliance with documentation
CISOs, who are responsible for documenting security operations within an organization, need to follow established guidelines to ensure that the system security documentation is effective. One such standard is ISO 27001.
ISO 27001
This international standard addresses the need for system documentation and specifies several controls that an organization must institute to ensure that its documentation processes are effective. When correctly instituted, these controls ensure two things:
- That the auditors are satisfied with the controls that have been put in place to safeguard the information assets in the organization.
- That the information assets are correctly maintained and secured, and that the risk of attackers successfully breaching and gaining access to these assets is minimal.
ISO 27001 is a specification that "provides a model for establishing, implementing, operating, monitoring, reviewing...