This book presents a framework to model the main activities of information security management and governance. The same model can be used for any security sub-domain such as cybersecurity, data protection, access rights management, business continuity, etc.
Introduction
1. Governance and Management
2. Control Framework
3. Using the Control Framework
4. Strategy
5. Policy and Guidelines
6. Organization
7. Risk Management
8. Security Program Management
9. Reporting
10. Asset Inventory
11. Compliance
12. Metrics and KPI