ISO/IEC 27003:2010 (Part 2)
6 Defining ISMS scope, boundaries and ISMS policy
6.1 Overview of defining ISMS scope, boundaries and ISMS policy
6.2 Define organizational scope and boundaries
6.3 Define information communication technology (ICT) scope and boundaries
6.4 Define physical scope and boundaries
6.5 Integrate each scope and boundaries to obtain the ISMS scope and boundaries
6.6 Develop the ISMS policy and obtain approval from management
7 Conducting information security requirements analysis
7.1 Overview of conducting information security requirements analysis
7.2 Define information security requirements for the ISMS process
7.3 Identify assets within the ISMS scope
7.4 Conduct an information security assessment
8 Conducting risk assessment and planning risk treatment
8.1 Overview of conducting risk assessment and planning risk treatment
8.2 Conduct risk assessment
8.3 Select the control objectives and controls
8.4 Obtain management authorization for implementing and operating an ISMS