Standard: ISO/IEC 27014

Description

Contents

Foreword
Introduction

1 Scope

2 Normative references

3 Terms and definitions

4 Abbreviated terms

5 Use and structure of this document

6 Governance and management standards

Overview
Governance activities within the scope of an ISMS
Other related standards
Thread of governance within the organization

7 Entity governance and information security governance

Overview

Objectives

Objective 1: Establish integrated comprehensive entity-wide information security
Objective 2: Make decisions using a risk-based approach
Objective 3: Set the direction of acquisition
Objective 4: Ensure conformance with internal and external requirements
Objective 5: Foster a security-positive culture
Objective 6: Ensure the security performance meets current and future requirements of the entity

Processes

8 The governing body’s requirements on the ISMS

Organization and ISMS
Scenarios (see Annex B)

Annex A - Governance relationship (informative)

Annex B - Types of ISMS organization (informative)

Annex C - Examples of communication (informative)

Bibliography