How to fulfil the requirement

Julkri: TL IV-I

HAL-07: Monitoring and supervision

Task name: ISMS description and maintenance
Theme: Risk management and leadership
Policy: Cyber security management

This task also fulfils these other security requirements:

  • 6.3: Planning of changes (ISO27k1 Full)
  • 8.1: Operational planning and control (ISO27k1 Full)
  • 4.1: Organization and its context (ISO27k1 Full)
  • 5.1.1: Policies for information security (ISO27 Full)
  • PR.AT-5: Physical and cybersecurity personnel (NIST)

1. Task description

The organization must operate, maintain, and continuously develop a security management system.

The boundaries and scope, contents, role, cumulative implementation information and other necessary descriptive information related to the management system must be clearly documented.

Task name: Executing and documenting internal audits
Theme: Risk management and leadership
Policy: Cyber security management

This task also fulfils these other security requirements:

  • 18.2.1: Independent review of information security (ISO27 Full)
  • 12.7: Information systems audit considerations (ISO27 Full)
  • 12.7.1: Information systems audit controls (ISO27 Full)
  • ID.GV-3: Legal and regulatory requirements (NIST)
  • HAL-07: Monitoring and supervision (Julkri)

1. Task description

The organization conducts internal audits in accordance with its internal audit procedure. The aim is to check:

  • whether the information security management system complies with the organisation's cyber security requirements
  • whether the information security management system complies with other operational security requirements or standards that the organisation follows
  • whether the information security management system is implemented effectively

Documented information on the execution and results of audits must be kept.

Task name: Defining and documenting cyber security metrics
Theme: Risk management and leadership
Policy: Cyber security management

This task also fulfils these other security requirements:

  • 13 §: Information security of data sets and information systems (TiHL)
  • 7.2.1: Management responsibilities (ISO27 Full)
  • HAL-07: Monitoring and supervision (Julkri)
  • 9.1: Monitoring, measurement, analysis and evaluation (ISO27k1 Full)
  • 11: Defining cyber security metrics (Sec overview)

1. Task description

The organisation regularly evaluates the level of cyber security and the effectiveness of the information security management system.

The organisation has defined:

  • monitored metrics that provide comparable results on the development of the cyber security level
  • persons responsible for the measurement
  • methods, timetable and responsible persons for reviewing and evaluating the metrics
  • methods to document metric-related evaluations and results

Effective metrics should be usable for identifying weaknesses, targeting resources better and assessing the organisation's success or failure in cyber security.