Governance
Establishes the oversight structures to support the execution of information security management.
Capability Building Blocks
- A1 Information Security Strategy
  - Develop, communicate, and support the organization’s information security objectives.
- A2 Security Policies and Controls
  - Establish and maintain security policies and controls, taking into account relevant security standards, regulatory and legislative security requirements, and the organization’s security objectives.
- A3 Security Roles, Responsibilities, and Accountabilities
  - Establish responsibilities and accountabilities for information security roles, and check enforcement.
- A4 Communication and Training
  - Disseminate security approaches, policies, and other relevant information to develop security awareness and skills.
- A5 Security Performance Reporting
  - Report on the effectiveness and efficiency of information security policies and activities, and the level of compliance with them.
- A6 Supplier Security
  - Define security requirements pertaining to the procurement and supply of hardware, software, services, and data.