1 Scope
2 Normative references
3 Definitions and abbreviations
4 Overview
5 Information security policies
6 Organization of information security
7 Human resource security
8 Asset management
9 Access control
10 Cryptography
11 Physical and environmental security
12 Operations security
13 Communications security
14 System acquisition, development and maintenance
15 Supplier relationships
16 Information security incident management
17 Information security aspects of business continuity management
18 Compliance
Annex A – Telecommunications extended control set
Annex B – Additional guidance for network security
Bibliography