As the organizations grow in size and complexity, managing the scope of the information security systems and integrating existing processes and systems into the new areas becomes more challenging. These areas could be new products, services, locations, people, departments, functions, innovations, tools or even entities or companies.
What is going well?
The analysis of results identified that the top two areas of strength for ISMSs were:
1. Top management’s involvement and commitment to improve information security and cybersecurity
Across organizations, top management has consistently shown involvement and commitment to the management of information security and cybersecurity. For example by aligning information security and cybersecurity activities to business objectives or by embedding information security processes within organizational processes. This is consistently true across large, medium and small organizations.