Back to M1.1.1 - P1 - UNDERSTANDING THE ENTITY AND ITS CONTEXT
Before starting the design and implementation of information security within an entity, it is important to evaluate and understand both the external and internal context of this entity, since these can significantly influence the design of information security solutions. For the external factors, this activity should include topics such as:
- A. The industry sector, legal, regulatory, financial, technological, economic, political, natural and competitive environment, whether international, national, regional or local
- B. Key drivers and trends having impact on the information security objectives of the entity
- C. Relationships with, and dependencies of, external stakeholders
The evaluation of internal factors should address topics such as:
- A. Governance, organizational structure, roles and accountabilities
- B. Capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, processes, systems and technologies)
- C. Information systems, information flows and decision-making processes
- D. Relationships with, and perceptions of, internal stakeholders
- E. The form and extent of contractual relationships