Principles under this Objective
Putting in place the policies and processes which govern your organisation’s approach to the security of network and information systems.
Identification, assessment and understanding of security risks. And the establishment of an overall organisational approach to risk management.
Determining and understanding all systems and/or services required to maintain or support essential services.
Understanding and managing the security risks to networks and information systems which arise from dependencies on external suppliers.