- A recommended set of actions for cyber defense that provide specific and actionable ways to stop today’s most pervasive and dangerous attacks, and improve individual and collective security in cyberspace.
- Prioritize and focus on a number of actions with high pay-off results, derived from the most common attack patterns highlighted in the leading threat reports.
- A structured, coherent and professional approach to the management of information security, aligned with other ISO management systems.
- Comprehensive information security risk assessment and treatment according to business and security priorities.
- Focuses information security investment to greatest advantage.
- Demonstrable governance using internationally recognized good security practices.
- For all functional roles in the organization, identify the specific knowledge, skills, and abilities needed to support defense of the enterprise.
- Develop and execute an integrated plan to assess, identify gaps, and remediate through policy, organizational planning, training, and awareness programs.