Information security
-
Understand the information security lifecycle
- Understand what information and ICT systems you need to protect
- Assess the risks to your information security
- Design fit-for-purpose information security measures
- Implement your information security measures
- Validate your security measures
- Operate and maintain to stay secure
- Review your security measures
- Retire information securely
INF006
Adopt a framework to manage information security
Your organisation should establish a framework to direct and coordinate the management of your information security.
Your framework must:
- be appropriate to the level of security risk in your information environment
- be consistent with your business needs and legal obligations
- integrate with any other frameworks governing your organisation’s security.
Your framework should also cover how you’ll ensure that your organisation:
- understands and follows security policies and processes
- is alerted to changes to systems, risks, or standards
- marks, accesses, and declassifies protected information correctly
- manages and controls access to information.
Examples of best practice frameworks include:
- ISO/IEC 27001:2013 Information technology -- Security techniques -- Information security management systems -- Requirements
- US National Institute of Standards and Technology (NIST) Cyber Security Framework
Page last modified: 4/05/2022