Understand the organization and its context: ISO/IEC 27001

The organization must determine the external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome of its Information Security Management System (ISMS).

Before starting the design and implementation of the risk management framework, it is important to assess and understand the external context and the internal context of the organization, since both can significantly influence the design of the framework.

Internal context

The internal context is the internal environment in which the organization seeks to achieve its objectives. The risk management process should be aligned with the culture, processes, structure and strategy of the organization. The internal context is made up of everything within the organization that can influence the way it manages its security.

This context should be established because:

1. Risk management is done in the context of the organization's objectives.

2. The objectives and criteria of a specific project, process or activity should be considered in light of the objectives of the organization as a whole.

3. Some organizations do not recognize all the opportunities that would allow them to achieve their strategic, project or business objectives, and this affects the continuity of commitment, credibility, trust and values within the organization.

The internal context may include:

1. Governance, the organizational structure, roles and accountabilities.

2. The policies, objectives and strategies established to achieve them.

3. Capabilities, understood in terms of resources and knowledge (for example: capital, time, people, processes, systems and technologies).

4. Information systems, information flows and decision-making processes (both formal and informal).

5. The relationships, perceptions and values of internal stakeholders.

6. The culture of the organization.

7. The standards, guidelines and models adopted by the organization.

8. The form and extent of contractual relationships.

External context

The external context is the external environment in which the organization seeks to achieve its objectives. Understanding the external context is important to ensure that the objectives and concerns of external stakeholders are taken into account when developing risk criteria. The external context is based on the context at the organization level, but with specific details of legal and regulatory requirements, with the perceptions of interested parties and with other specific risk aspects of the scope of the risk management process.

Assessment of the organization's external context may include, but is not limited to:

1. The social and cultural, political, legal, regulatory, financial, technological, economic, natural and competitive environment, at the international, national, regional or local level.

2. The factors and trends that have an impact on the organization's objectives.

3. Relationships with external stakeholders, their perceptions and their values.

Understand the needs and expectations of stakeholders

The importance of stakeholders, which can include shareholders, authorities and even the Government (through legal and regulatory requirements), is recognized in a separate clause. That clause requires that all stakeholders be listed, together with all of their requirements.

For this, the organization must determine:

1. The stakeholders that are relevant to the Information Security Management System.

2. The requirements of these stakeholders that are relevant to information security. These requirements, aligned with the Statement of Applicability, give a complete overview of the applied control framework and its justification.

If your company has a large number of customers (such as a cable TV company), you can group them under a single stakeholder category named "customers".
