Structure of the ISO 27001:2013 standard
- 1. Scope of the standard
- 2. How the document is referenced
- 3. Reuse of the terms and definitions in ISO/IEC 27000
- 4. Organizational context and stakeholders
- 5. Information security leadership and high-level support for policy
- 6. Planning an information security management system; risk assessment; risk treatment
- 7. Supporting an information security management system
- 8. Making an information security management system operational
- 9. Reviewing the system’s performance
- 10. Corrective action
- Annex A: List of controls and their objectives.