FOREWORD
INTRODUCTION
1 SCOPE
2 DEFINITIONS
3 SECURITY CONCEPTS AND RELATIONSHIPS
3.1 SECURITY PRINCIPLES
3.2 ASSETS
3.3 THREATS
3.4 VULNERABILITIES
3.5 IMPACT
3.6 RISK
3.7 SAFEGUARD
3.8 CONSTRAINTS
3.9 SECURITY ELEMENT RELATIONSHIP
4 OBJECTIVE, STRATEGIES AND POLICIES
4.1 ICT SECURITY OBJECTIVES AND STRATEGY
4.2 POLICY HIERARCHY
4.3 CORPORATE ICT SECURITY POLICY ELEMENTS
5 ORGANIZATIONAL ASPECTS OF ICT SECURITY
5.1 ROLES AND RESPONSIBILITIES
5.1.1 Organizational roles, accountabilities and
responsibilities
5.1.2 ICT security forum
5.1.3 Corporate ICT security officer
5.1.4 ICT users
5.2 ORGANIZATIONAL PRINCIPLES
5.2.1 Commitment
5.2.2 Consistent approach
5.2.3 Integrating ICT security
6 ICT SECURITY MANAGEMENT FUNCTIONS
6.1 OVERVIEW
6.2 CULTURAL AND ENVIRONMENTAL CONDITIONS
6.3 RISK MANAGEMENT