Back to M1.4.1 - P1 - RESOURCES
The entity should allocate appropriate resources for information security, taking account of:
- A. people, skills, experience and competence
- B. Resources needed for each part of the process to achieve and maintain information security
- C. Specific resources for information security risk management (refer to M2)
- D. Documentation (refer to M1.4.3)
- E. Knowledge and management of competence
- F. Training programs (refer to M3.2)
Top management is responsible for ensuring that the right resources are allocated, and that all resources receive appropriate training. All personnel should have the competence to perform the operations required in the role assigned. The training performed should help all personnel be aware of and understand the meaning and importance of the information security activities they are involved in, and how they can contribute to achieving the objectives of information security.
Back to M1.4.1 - P1 - RESOURCES
