{"id":19975,"date":"2022-03-03T14:53:20","date_gmt":"2022-03-03T14:53:20","guid":{"rendered":"https:\/\/aevar.is\/?p=19975"},"modified":"2022-03-08T10:26:30","modified_gmt":"2022-03-08T10:26:30","slug":"4-1-understanding-the-organization-and-its-context","status":"publish","type":"post","link":"https:\/\/aevar.is\/?p=19975","title":{"rendered":"4.1 Understanding the organization and its context"},"content":{"rendered":"\n<p>The organization shall determine external and internal issues that are relevant to its purpose and that<br>affect its ability to achieve the intended outcome(s) of its information security management system.<\/p>\n\n\n\n<div id=\"section-g38c2ca\" class=\"wp-block-gutentor-e6 section-g38c2ca gutentor-element gutentor-element-image\"><div class=\"gutentor-element-image-box\"><div class=\"gutentor-image-thumb\"><img decoding=\"async\" class=\"normal-image\" src=\"https:\/\/aevar.is\/wp-content\/uploads\/2022\/03\/startup-3267505_960_720-e1646733191191.webp\"\/><\/div><\/div><\/div>\n\n\n\n<p>Hold a workshop to determine the external and internal issues that are relevant to the organization's purpose and that<br>affect its ability to achieve the intended outcome(s) of its information security management system.<\/p>\n\n\n\n<p><strong>In a workshop, create a document that evaluates the following items and determines how each item can affect the organization's ability to achieve the intended outcome of its ISMS. 
Remember that items that affect finance can easily affect information security.<\/strong><\/p>\n\n\n\n<p>Context<\/p>\n\n\n\n<p>Why are we seeking ISO 27001 certification?<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Win new business and sharpen your competitive edge<\/li><li>Avoid the financial penalties and losses associated with data breaches<\/li><li>Protect and enhance your reputation<\/li><li>Comply with business, legal, contractual and regulatory requirements<\/li><li>Improve structure and focus<\/li><li>Reduce the need for frequent audits<\/li><li>Obtain an independent opinion about your security posture<\/li><\/ul>\n\n\n\n<p>What are the benefits?<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Secures your information in all forms<\/li><li>Increases your attack resilience<\/li><li>Reduces information security costs<\/li><li>Responds to evolving security threats<\/li><li>Improves company culture<\/li><li>Offers organization-wide protection<\/li><li>Provides a central framework<\/li><li>Protects confidentiality of data<\/li><\/ul>\n\n\n\n<p>What are the internal issues?<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Identify internal issues that may help or hinder the ability to build an effective management system<\/li><li>Technical issues\/challenges<\/li><li>Resource issues (equipment, knowledge, finance, time, staff)<\/li><li>Knowledge issues<\/li><li>Threats<\/li><li>Risks<\/li><li>Opportunities<\/li><li>Expectations<\/li><li>Demands<\/li><\/ul>\n\n\n\n<p>What are the external issues?<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Identify external issues that may help or hinder the ability to build an effective management system<\/li><li>Market demand<\/li><li>Customer expectations<\/li><li>Image of the organization<\/li><li>External risks<\/li><li>External threats<\/li><li>Job market<\/li><li>Competition<\/li><li>Environment<\/li><li>Stability<\/li><li>Access to knowledge<\/li><\/ul>\n\n\n\n<p><strong>When designing the framework for managing risk, the organization 
should examine and understand its external and internal context.<br><\/strong><br>Examining the organization\u2019s external context may include, but is not limited to:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>the social, cultural, political, legal, regulatory, financial, technological, economic and environmental factors, whether international, national, regional or local;<\/li><li>key drivers and trends affecting the objectives of the organization;<\/li><li>external stakeholders\u2019 relationships, perceptions, values, needs and expectations;<\/li><li>contractual relationships and commitments;<\/li><li>the complexity of networks and dependencies.<\/li><\/ul>\n\n\n\n<p>Examining the organization\u2019s internal context may include, but is not limited to:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>vision, mission and values;<\/li><li>governance, organizational structure, roles and accountabilities;<\/li><li>strategy, objectives and policies;<\/li><li>the organization\u2019s culture;<\/li><li>standards, guidelines and models adopted by the organization;<\/li><li>capabilities, understood in terms of resources and knowledge (e.g. 
capital, time, people, intellectual property, processes, systems and technologies);<\/li><li>data, information systems and information flows;<\/li><li>relationships with internal stakeholders, taking into account their perceptions and values;<\/li><li>contractual relationships and commitments;<\/li><li>inter-dependencies and inter-connections.<\/li><\/ul>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Log in here: link<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[182],"tags":[],"class_list":["post-19975","post","type-post","status-publish","format-standard","hentry","category-chapter-4-sub-pages"],"_links":{"self":[{"href":"https:\/\/aevar.is\/index.php?rest_route=\/wp\/v2\/posts\/19975"}],"collection":[{"href":"https:\/\/aevar.is\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aevar.is\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aevar.is\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aevar.is\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=19975"}],"version-history":[{"count":9,"href":"https:\/\/aevar.is\/index.php?rest_route=\/wp\/v2\/posts\/19975\/revisions"}],"predecessor-version":[{"id":20074,"href":"https:\/\/aevar.is\/index.php?rest_route=\/wp\/v2\/posts\/19975\/revisions\/20074"}],"wp:attachment":[{"href":"https:\/\/aevar.is\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=19975"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aevar.is\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=19975"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aevar.is\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=19975"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}