Strategic Elements
- Scope of the ISMS
- Strategic issues and directions
- Legal and regulatory aspects
- Needs scale
- Security needs
- Sources of threats
1) Security Rules
1. Organization
- Security policy
- Security organization
- Information‑security risk management
- Security and lifecycle management
- Assurance and certification
2. Implementation
- Human aspects
- Business continuity planning
- Incident management
- Awareness and training
- Operations
- Physical and environmental aspects
3. Technical
- Identification / authentication
- Logical access control
- Logging
2) Action Plan
- Business Continuity Plan / Disaster Recovery Plan (BCP/DRP)
- Monitoring and alerting
- Backups and environment management
- Equipment management
- Flow isolation
- Access management
- Antivirus policy
- Supplier management and IT charter
- Roadmap
==Strategic Elements==