The control objective is to ascertain whether adequate security controls have been implemented to secure business assets. The assessment approach adopted starts with a review of people, process and technology, and of the Information Security Management framework:
- Assess the information security culture in the enterprise
- Review whether HR on-boarding process controls are adequate
- Review of Information Security Awareness policy & practices
- Review whether internal control measures to identify operational errors are adequate
- Corrective actions are monitored and reported
- Assess technology implemented
- Enterprise Information Assets are properly accounted for
- Network architecture hosting the enterprise information assets is as per the organisation's risk appetite
- Enterprise security architecture is built to defend against cyber attacks through the cyber security concepts of defence in depth and layered network defence
- Enterprise security architecture has considered cost-saving techniques such as network segmentation and placing protection on information assets based on asset classification and value to the organisation