283. The Board must ensure that an information security management system (ISMS) is developed, implemented and recorded in an appropriate and applicable information security framework. 284. The Board should supervise the information security strategy and delegate and empower management to implement it. 285. The ISMS should include the following high level information security principles – […]