The Information Security Standard ISO/IEC 27002 is divided into eleven main sections. Section 4 is Human Resources.
This section covers aspects of job definitions and resourcing, to reduce the risk of human error and to ensure that staff understand their rights and responsibilities concerning information security.
Most organisations require staff to keep client information confidential. They also ask staff to report security incidents and perceived weaknesses.
Appropriate personnel security ensures:
It must deal with rights as well as responsibilities, for example:
Staff training is an important feature of personnel security, helping to ensure the Information Security Management System (ISMS) continues to be effective.
Periodic refreshers on less frequently used parts of the ISMS, such as its role in disaster recovery plans, can make a major difference when there is a need to put the theory into practice.