• Information asset register
  • Information classification scheme
  • Information life cycle
  • Business processes
  • System criticality assessment (criticality of information, software, equipment, people and locations)
  • Ownership and accountability

 

 security assurance security governance incident management critical information assets control framework information risk assessment