Information Security Events Reported Through Appropriate Management Channels As Quickly As Possible?

Section “A”

Question 1

1. Are information security events reported through appropriate management channels as quickly as possible?
2. Has a formal information security event reporting procedure been established, together with an incident response and escalation procedure, setting out the action to be taken on receipt of a report of an information security event?
3. Has a point of contact been established for the reporting of information security events?
4. Is it ensured that this point of contact is known throughout the organization, is always available and is able to provide adequate and timely response?
5. Are all employees, contractors and third party users made aware of their responsibility to report any information security events…
11. Are all employees, contractors and third party users required to report these matters either to their management or directly to their service provider as quickly as possible in order to prevent information security incidents?
12. Is the reporting mechanism as easy, accessible, and available as possible?
13. Are all employees, contractors and third party users informed that they should not, in any circumstances, attempt to prove a suspected weakness?
14. Are management responsibilities and procedures established to ensure a quick, effective, and orderly response to information security incidents?
15. Are there mechanisms in place to enable the types, volumes, and costs of information security incidents to be quantified and monitored?

Question 2

The objective of a Stage One audit is to assess the organization's documented procedures and policies against the requirements of ISO 27001, and to identify and report any shortcomings prior to the stage two audit.

The organization must make the following objective evidence available to the auditor during the stage one audit:

• All evidence of internal audits and management reviews that are being planned and performed, and that the level of implementation of management systems substantiates that the organization is ready for the stage 2
