点击图片查看原图
策略(Security policy);
信息组织(Organization of information security);
资产管理(Asset management);
人力资源 (Human resource security);
物理和环境(Physical and environmental security);
通信和操作管理(Communication and operation management);
访问控制(Access control);
信息系统获取、开发和维护(Information systems acquisition, development and maintenance);
信息事件管理(Information security incident management);
业务连续管理(Business continuity management);
符合(Compliance)。