Content library
Katakri 2020
T-01: JOHDON TUKI, OHJAUS JA VASTUU – TURVALLISUUSPERIAATTEET

How to fill the requirement

Katakri 2020

T-01: JOHDON TUKI, OHJAUS JA VASTUU – TURVALLISUUSPERIAATTEET

Task name
Priority
Status
Theme
Policy
Other requirements
Information security policy -report publishing, informing and maintenance
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Cyber security management
requirements

Task is fulfilling also these other security requirements

T01: Turvallisuusperiaatteet
Katakri
8.1: Operational planning and control
ISO27k1 Full
5.1.2: Review of the policies for information security
ISO27 Full
5: Information security policies
ISO27 Full
5.1: Management direction for information security
ISO27 Full
1. Task description

The organization has an information security policy developed and approved by top management. The policy shall include at least the following:

  • the basis for setting the organization’s security objectives
  • commitment to meeting information security requirements
  • commitment to continuous improvement of the information security management system

In addition, the task owner shall ensure that:

  • the is appropriate for the organization's business idea
  • the policy is communicated to the entire organization
  • the policy is available to stakeholders as appropriate
Management commitment to cyber security management and management system
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Cyber security management
requirements

Task is fulfilling also these other security requirements

24. Responsibility of the controller
GDPR
7.2.1: Management responsibilities
ISO27 Full
7.2.2: Information security awareness, education and training
ISO27 Full
5.1.1: Policies for information security
ISO27 Full
ID.GV-1: Cybersecurity policy
NIST
1. Task description

The organization's top management must demonstrate a commitment to cyber security work and the management system. Management commits to:

  • defining the frameworks or other requirements that form the basis for work (e.g. customer promises, regulations or certificates)
  • determining the resources needed to manage security
  • communicating the importance of cyber security
  • ensuring that the work achieves the desired results
  • promoting the continuous improvement of cyber security

Top management also decides the scope of the information security management system and records the decision in the description of the system. This means, for example, whether some parts of the organisation's activities or information are excluded from the scope of the management system, or whether it applies to all information / activities of the organization.

Adequate security principles of the organisation in terms of classified information
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Cyber security management
requirements

Task is fulfilling also these other security requirements

T-01: JOHDON TUKI, OHJAUS JA VASTUU – TURVALLISUUSPERIAATTEET
Katakri 2020
1. Task description

Top management of the organization is responsible for:

  • the organization having security principles approved by top management, which describe the connection of the organization's information security measures to the organization's operations
  • the security principles being comprehensive and appropriate in terms of protecting classified information
  • these security principles guiding information security measures
  • the organization having organized sufficient monitoring of compliance with obligations and instructions related to information management of security-classified information.
No items found.