The last part of this baseline is short in comparison with the last blog post I made about delivery and support.
Monitor and Evaluate
Monitor the processes; assess internal control adequacy
Regularly monitor the performance of information (security).
1. Have key staff periodically:
- Assess the adequacy of security controls compared to defined requirements and in light of current vulnerabilities.
- Reassess which security exceptions need to be monitored on an ongoing basis.
- Evaluate how well the security mechanisms are operating and check for weaknesses using methods such as intrusion detection, penetration and stress testing, and testing of contingency plans.
- Ensure that exceptions are acted upon.
- Monitor compliance to key controls.
Obtain independent assurance
Gain confidence and trust in security through reliable and independent sources.
2. Obtain, where needed, competent external resources to review the information (security) control mechanisms; assess compliance with laws, regulations and contractual obligations relative to information security. Leverage their knowledge and experience for internal use.
Here are the 2 previous posts on this subject. If you liked these and thought they were helpful in any shape or form, please let me know, and I will continue with stuff like this. The format can change as the subjects change.