>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SG-04Information Security Program Content

>Control Description

The Chief Security Officer conducts a periodic staff meeting to communicate and align on relevant security threats, program performance, and resource prioritization.

Theme

Process

Type

Preventive

Policy/Standard

Information Security Management Standard

>Implementation Guidance

1. Ensure that a process is defined and documented for conducting periodic staff meetings with the Chief Security Officer. 2.Ensure that the meeting agenda consists of security threats, Information Security Management Program Performance and Resource Prioritization.

>Testing Procedure

1. Inspect and validate that a process is defined and documented for conducting periodic staff meetings with the Chief Security Officer. 2. Validate that the meeting agenda consists of security threats, Information Security Management Program Performance and Resource Prioritization for sample quarters.

>Audit Artifacts

E-SG-01
E-SG-15

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

NIST CSF
2

ID.AM-3
PR.IP-8

ISO 27001
11

5.1
5.1(e)
5.1(f)
5.1(g)
5.1(h)
6.2(b)
+5 more

ISO 27002:2022
2

5.35
8.26

FedRAMP Rev 5
5

AT-01
CA-06
IA-01
PL-02
SA-02

PCI DSS
2

12.4.2
12.4.2.1

HIPAA Security Rule
1

164.308(a)(5)(ii)(A)

SOC 2
2

CC1.3
CC3.1

BSI C5
3

COM-01
OIS-05
SP-01

TX-RAMP
4

AT-1
CA-6
IA-1
PL-2

Ask AI

Configure your API key to use AI features.