Objective A. Managing security risk

Created:  28 Jan 2018
Updated:  28 Jan 2018
Appropriate organisational structures, policies, and processes are in place to understand, assess and systematically manage security risks to the network and information systems supporting essential services.

Principles under this Objective

A1. Governance

Putting in place the policies and processes which govern your organisation's approach to the security of network and information systems.

A2. Risk Management

Identification, assessment and understanding of security risks. And the establishment of an overall organisational approach to risk management.

A3. Asset management

Determining and understanding all systems and/or services required to maintain or support essential services. 

A4. Supply chain

Understanding and managing the security risks to networks and information systems which arise from dependencies on external suppliers.



< Back To NIS OBJECTIVES                                Forward To OBJECTIVE B >


Was this guidance helpful?

We need your feedback to improve this content.

Yes No