CHAPTER 6:
POLICIES

ISO 27001 requires an organisation to have an Information Security policy. If interviewed you are likely to be asked if you are aware of the existence of the policy and how you help fulfil the aims set out in it. Make sure you know where you can access your organisation’s information security policy and read it now. Think about how you contribute towards achieving the aims stated in the policy.

Another process with which you need to be familiar is that relating to reporting security incidents, such as what do you do if you think your PC has a virus, or if you witness something that you think is a security weakness.