Overall Goal:<\/h3>\n
Document the risk management process, risk assessment results, risk treatment decisions, selection of controls, objectives and treatment plans.<\/p>\n<\/div>
Deliverables:<\/h3>\n<\/div>- <\/i><\/span>
\n
Information Security Risk Management Process<\/p>\n<\/div><\/li>
- <\/i><\/span>
\n
Information Security Risk Assessment and Treatment Spreadsheets<\/p>\n<\/div><\/li>
- <\/i><\/span>
\n
Information Security Controls Gap Assessment<\/p>\n<\/div><\/li>
- <\/i><\/span>
\n
Preliminary Statement of Applicability<\/p>\n<\/div><\/li>
- <\/i><\/span>
\n
Information Security Management Plan<\/p>\n<\/div><\/li><\/ul>
<\/div>
<\/div>
<\/div>
<\/i>0<\/span> Days<\/span><\/div>To complete<\/div><\/div><\/div><\/div>
<\/div>
<\/div><\/div><\/div><\/div><\/div>
STEP 4: SUPPORT<\/h2>\n<\/div>Overall Goal:<\/h3>\n
Document the resources, competencies, awareness, communication and document management needed to support the information security management plan.<\/p>\n<\/div>
Deliverables:<\/h3>\n<\/div>- <\/i><\/span>
\n
ISMS Budget Review<\/p>\n<\/div><\/li>
- <\/i><\/span>
\n
ISMS Competencies Assessment<\/p>\n<\/div><\/li>
- <\/i><\/span>
\n
ISMS Awareness Review<\/p>\n<\/div><\/li>
- <\/i><\/span>
\n
ISMS Communication Plan<\/p>\n<\/div><\/li>
- <\/i><\/span>
\n
ISMS Document Management Standard<\/p>\n<\/div><\/li><\/ul>
<\/div>
<\/div>
<\/div>
<\/i>0<\/span> to<\/span><\/div>To complete<\/div><\/div><\/div>
<\/i>0<\/span> Days<\/span><\/div>To complete<\/div><\/div><\/div><\/div>
<\/div>
<\/div><\/div><\/div><\/div><\/div>
STEP 5: OPERATION<\/h2>\n<\/div>Overall Goal:<\/h3>\n
Document operational planning as well as control of planned changes, information security risk assessment and risk treatment.<\/p>\n<\/div>
Deliverables:<\/h3>\n<\/div>- <\/i><\/span>
\n
ISMS Manual<\/p>\n<\/div><\/li>
- <\/i><\/span>
\n
Information Security Policies<\/p>\n<\/div><\/li>
- <\/i><\/span>
\n
Updated Information Security Plan<\/p>\n<\/div><\/li>
- <\/i><\/span>
\n
Updated Information Security Risk Assessment and Treatment Spreadsheets<\/p>\n<\/div><\/li>
- <\/i><\/span>
\n
Final Statement of Applicability<\/p>\n<\/div><\/li><\/ul>
<\/div>
<\/div>
<\/div>
<\/i>0<\/span> to<\/span><\/div>To complete<\/div><\/div><\/div>
<\/i>0<\/span> Days<\/span><\/div>To complete<\/div><\/div><\/div><\/div>
<\/div>
<\/div><\/div><\/div><\/div><\/div>
STEP 6: PERFORMANCE<\/h2>\n<\/div>Overall Goal:<\/h3>\n
Document monitoring, measurement, analysis, evaluation, internal audit and management review of the implemented information security program.<\/p>\n<\/div>
Deliverables:<\/h3>\n<\/div>- <\/i><\/span>
\n
Information Security Metrics<\/p>\n<\/div><\/li>
- <\/i><\/span>
\n