Analisi dei rischi Lista di controllo per la sicurezza delle informazioni

Sembra che quello che stai cercando sia ISO / IEC 27002 - Tecnologia dell'informazione - Sicurezza tecniche - Codice di condotta per la gestione della sicurezza delle informazioni

Outline for ISO27002:2005

1. Framework
2. Acceptable Use of Information Technology Resources

3. Information Security Definition & Terms

4. Risk assessment

5. Security policy – management direction
6. Organization of information security – governance of information security
7. Asset management – inventory and classification of information assets
8. Human resources security – security aspects for employees joining, moving and leaving an organization
9. Physical and environmental security – protection of the computer facilities
10. Communications and operations management – management of technical security controls in systems and networks
11. Access control – restriction of access rights to networks, systems, applications, functions and data
12. Information systems acquisition, development and maintenance – building security into applications
13. Information security incident management – anticipating and responding appropriately to information security breaches
14. Business continuity management – protecting, maintaining and recovering business-critical processes and systems
15. Compliance – ensuring conformance with information security policies, standards, laws and regulations