Table of Contents

Using the Information Security Manual 1
    Executive summary 1
    Applying a risk-based approach to cyber security 2
Cyber Security Principles 5
    The cyber security principles 5
Guidelines for Cyber Security Roles 7
    Chief Information Security Officer 7
    System owners 9
Guidelines for Cyber Security Incidents 11
    Detecting cyber security incidents 11
    Managing cyber security incidents 13
    Reporting cyber security incidents 15
Guidelines for Outsourcing 16
    Cyber supply chain risk management 16
    Managed services and cloud services 17
Guidelines for Security Documentation 20
    Development and maintenance of security documentation 20
    System-specific security documentation 23
Guidelines for Physical Security 25
    Facilities and systems 25
    ICT equipment and media 26
Guidelines for Personnel Security 28
    Cyber security awareness training 28
