ISO/IEC 27003:2010 (2)
6 Defining ISMS scope, boundaries and ISMS policy
6.1 Overview of defining ISMS scope, boundaries and ISMS policy
6.2 Define organizational scope and boundaries
6.3 Define information communication technology (ICT) scope and boundaries
6.4 Define physical scope and boundaries
6.5 Integrate each scope and boundaries to obtain the ISMS scope and boundaries
6.6 Develop the ISMS policy and obtain approval from management
7 Conducting information security requirements analysis
7.1 Overview of conducting information security requirements analysis
7.2 Define information security requirements for the ISMS process
7.3 Identify assets within the ISMS scope
7.4 Conduct an information security assessment
8 Conducting risk assessment and planning risk treatment
8.1 Overview of conducting risk assessment and planning risk treatment
8.2 Conduct risk assessment
8.3 Select the control objectives and controls
8.4 Obtain management authorization for implementing and operating an ISMS