Abstract: . . . control objectives c) improving available resources/responsibilities. Any revision to the policy should obtain management approval.

Summary

ISO 17799 is widely being adopted as a framework by organizations seeking to implement a comprehensive information security programme. This article . . .

. . . ISO 17799 offers the following implementation guidelines on what a policy document should contain: a) a definition of information security, its scope and objectives; b) a statement of management’s support for security in conjunction with business objectives; c) a framework for setting control . . .

. . . The Security Policy clause has one ‘main security category’, followed by two controls. The security policy document should be approved by management and communicated to all employees. Lastly, there should be a planned review of the policy. . . .

. . . a review of the security policy at ‘planned intervals’ or if ‘significant’ changes occur, to ensure its continued suitability and effectiveness. According to the implementation guidelines for this control, the following should be implemented: a) the policy should have an owner; b) the management-approved owner . . .

. . . results from management reviews. Management reviews should also be scheduled and contain inputs from sources such as: a) feedback from interested parties; b) feedback from independent reviews; c) trends related to threats and vulnerabilities; d) reported security incidents; e) recommendations provided . . .