Description
The organization plans and coordinates security-related activities affecting the information system before conducting such activities in order to reduce the impact on organizational operations (i.e., mission, functions, image, and reputation), organizational assets, and individuals.\n
Supplemental Guidance
Routine security-related activities include, but are not limited to, security assessments, audits, system hardware and software maintenance, security certifications, and testing/exercises. Organizational advance planning and coordination includes both emergency and non-emergency (i.e., routine) situations.\n
Enhancements
(0) None.\n
Compliance Mappings
ISO 17799 (legacy)
15.3.1
COBIT 4.1 (legacy)
None.