Table of Contents
Using the Information Security Manual  1
  Executive summary  1
  Applying a risk-based approach to cyber security  2
Cyber Security Principles  5
  The cyber security principles  5
Guidelines for Cyber Security Roles  7
  Chief Information Security Officer  7
  System owners  9
Guidelines for Cyber Security Incidents  11
  Detecting cyber security incidents  11
  Managing cyber security incidents  13
  Reporting cyber security incidents  15
Guidelines for Outsourcing  16
  Cyber supply chain risk management  16
  Managed services and cloud services  17
Guidelines for Security Documentation  20
  Development and maintenance of security documentation  20
  System-specific security documentation  23
Guidelines for Physical Security  25
  Facilities and systems  25
  ICT equipment and media  26
Guidelines for Personnel Security  28
  Cyber security awareness training  28