M5.2 COMPLIANCE WITH INFORMATION SECURITY LEGAL REQUIREMENTS
OBJECTIVE
To avoid breaches of any information security legal, statutory, regulatory or contractual obligations
PERFORMANCE INDICATOR
Amount of time and resources spent by the legal department managing legal compliance issues with relation to information security
AUTOMATION GUIDANCE
Compliance automation tools are available for entities of all sizes and complexity. Selection of the appropriate compliance automation tool requires an entity to understand its regulatory environment, the risks it faces, and the maturity levels of its own compliance staff.
RELEVANT THREATS AND VULNERABILITIES
- Breaches of legal requirements
- Unawareness of legal requirements
- Inaccurate identification of legal requirements
APPLICABLE CONTROLS
The following controls are applicable to this control family.
- M5.2.2 - P4 - INTELLECTUAL PROPERTY RIGHTS (IPR)
- M5.2.4 - P3 - DATA PROTECTION AND PRIVACY OF PERSONAL INFORMATION
- M5.2.5 - P3 - PREVENTIONS OF MISUSE OF INFORMATION SYSTEM
- M5.2.6 - P2 - REGULATION CRYPTOGRAPHIC CONTROLS
- M5.2.7 - P4 - LIABILITY TO THE INFORMATION SHARING COMMUNITY
M5.3 COMPLIANCE WITH NON-TECHNICAL REQUIREMENTS
OBJECTIVE
To ensure compliance with the entity’s information security policies and standards
PERFORMANCE INDICATOR
Percentage of information security management sub-controls that have been implemented
AUTOMATION GUIDANCE
Compliance automation tools are available for entities of all sizes and complexity. Selection of the appropriate compliance automation tool requires an entity to understand its regulatory environment, the risks it faces, and the maturity levels of its own compliance staff.
RELEVANT THREATS AND VULNERABILITIES
- Non-compliance with management requirements
- Inaccurate identification of managerial requirements
- Unawareness of management requirements
APPLICABLE CONTROLS
The following controls are applicable to this control family.
- M5.3.1 - P4 - COMPLIANCE WITH SECURITY POLICIES AND STANDARDS
M5.4 COMPLIANCE WITH TECHNICAL REQUIREMENTS
OBJECTIVE
To ensure compliance of systems with technical security requirements
PERFORMANCE INDICATOR
Percentage of information security technical sub-controls that have been implemented
AUTOMATION GUIDANCE
Compliance automation tools are available for entities of all sizes and complexity. Selection of the appropriate compliance automation tool requires an entity to understand its regulatory environment, the risks it faces, and the maturity levels of its own compliance staff.
RELEVANT THREATS AND VULNERABILITIES
- Non-compliance with technical requirements
- Inaccurate identification of technical requirements
- Unawareness of technical requirements
APPLICABLE CONTROLS
The following controls are applicable to this control family.
M5.5 INFORMATION SYSTEMS AUDIT CONSIDERATIONS
OBJECTIVE
To maximize the effectiveness of the information systems audit process taking into account NESA guidance in this regard
PERFORMANCE INDICATOR
Percentage of audits interrupted due to operational or security issues
AUTOMATION GUIDANCE
Compliance automation tools are available for entities of all sizes and complexity. Selection of the appropriate compliance automation tool requires an entity to understand its regulatory environment, the risks it faces, and the maturity levels of its own compliance staff.
RELEVANT THREATS AND VULNERABILITIES
- Wrongly performed internal audit
- Incorrect audit outcomes
APPLICABLE CONTROLS
The following controls are applicable to this control family.