Components
This document utilizes the organizational structure of the ISO 27002 standard, with each of the eleven categories referenced in the standard included in this document as individual components.
The eleven components introduce focus areas of security practice and control. Components include: allocation of information security responsibilities; access control; physical, network and environmental security; security incident management; and systems development and maintenance.
As new policies are developed, this document will include hypertext links to individual policy documents (both draft and approved) mapped to the appropriate component within the Framework.
The ISO standard also includes guidance (not included in this document) on the essential first step of information security risk management, enabling a holistic approach to IT security based on management’s risk assessment, security requirements and prioritized security controls (i.e. risk mitigation).