This International Standard provides guidance for improving the state of Cybersecurity, drawing out the unique aspects of that activity and its dependencies on other security domains, in particular: It covers the baseline security practices for stakeholders in the Cyberspace. This International Standard provides:
Table of contents
Foreword
Introduction
1 Scope
2 Applicability
2.1 Audience
2.2 Limitations
3 Normative references
4 Terms and definitions
5 Abbreviated terms
6 Overview
6.1 Introduction
6.2 The nature of the Cyberspace
6.3 The nature of Cybersecurity
6.4 General model
6.5 Approach
7 Stakeholders in the Cyberspace
7.1 Overview
7.2 Consumers
7.3 Providers
8 Assets in the Cyberspace
8.1 Overview
8.2 Personal assets
8.3 Organizational assets
9 Threats against the security of the Cyberspace
9.1 Threats
9.2 Threat agents
9.3 Vulnerabilities
9.4 Attack mechanisms
10 Roles of stakeholders in Cybersecurity
10.1 Overview
10.2 Roles of consumers
10.3 Roles of providers
11 Guidelines for stakeholders
11.1 Overview
11.2 Risk assessment and treatment
11.3 Guidelines for consumers
11.4 Guidelines for organizations and service providers
12 Cybersecurity controls
12.1 Overview
12.2 Application level controls
12.3 Server protection
12.4 End-user controls
12.5 Controls against social engineering attacks
12.6 Cybersecurity readiness
12.7 Other controls
13 Framework of information sharing and coordination
13.1 General
13.2 Policies
13.3 Methods and processes
13.4 People and organizations
13.5 Technical
13.6 Implementation guidance
Annex A Cybersecurity readiness (informative)
Annex B Additional resources (informative)
Annex C Examples of related documents (informative)