1 Scope
2 References
3 Terms and definitions
4 Structure
5 Aim
6 Background
7 Management of IT Security
7.1 Planning and Management Process Overview
7.2 Risk Management Overview
7.3 Implementation Overview
7.4 Follow-up Overview
7.5 Integrating IT Security
8 Corporate IT Security Policy
8.1 Objectives
8.2 Management Commitment
8.3 Policy Relationships
8.4 Corporate IT Security Policy Elements
9 Organizational Aspects of IT Security
9.1 Roles and Responsibilities
9.1.1 IT Security Forms
9.1.2 Corporate IT Security Officer
9.1.3 IT Project Security Officer and IT System
Security Officer
9.2 Commitment
9.3 Consistent Approach
10 Corporate Risk Analysis Strategy Options
10.1 Baseline Approach
10.2 Informal Approach
10.3 Detailed Risk Analysis
10.4 Combined Approach
11 IT Security Recommendations
11.1 Safeguard Selection
11.2 Risk Acceptance
12 IT System Security Policy
13 IT Security Plan
14 Implementation of Safeguards
15 Security Awareness
16 Maintenance
16.1 Maintenance
16.2 Security Compliance
16.3 Monitoring
16.4 Incident Handling
17 Summary