标准摘要
[中文适用范围]: The scope of the organization's security programme and the risk management processes implemented to deliver it should be informed by following attributes: a) Requirements to achieve organizational objectives Known and potential sources of security risk and their likely impact on the achievement of organizational objectives. b) Governance, policy and processes Existing arrangements for accountability and responsibility in relation to the organization's security and the security-related policies and implementing processes, and their respective impact in relation to security risk and the security programme itself. [外文原描述]: This document provides guidance on the enterprise protective security architecture and the framework of protective security policies, processes and types of controls necessary to mitigate and manage security risks across the protective security domains, including: a) security governance; b) personnel security; c) information security; d) cybersecurity; e) physical security. This document is applicable for any organization.
英文名称Security and resilience — Protective security — Guidelines for an enterprise protective security architecture and framework