@opexxx
Created November 4, 2021 11:12
ISF_SOGP202_areas
Security Governance
SG1 Security Governance Approach
SG1.1 Security Governance Framework
SG1.2 Security Direction
SG2 Security Governance Components
SG2.1 Information Security Strategy
SG2.2 Risk Appetite
Information Risk Assessment
IR1 Information Risk Assessment Framework
IR1.1 Information Risk Assessment - Management Approach
IR1.2 Information Risk Assessment - Methodology
IR1.3 Information Risk Assessment - Supporting Material
IR2 Information Risk Assessment Process
IR2.1 Risk Assessment Scope
IR2.2 Business Impact Assessment
IR2.3 Business Impact Assessment - Confidentiality Requirements
IR2.4 Business Impact Assessment - Integrity Requirements
IR2.5 Business Impact Assessment - Availability Requirements
IR2.6 Threat Profiling
IR2.7 Vulnerability Assessment
IR2.8 Risk Evaluation
IR2.9 Risk Treatment
Security Management
SM1 Security Policy Management
SM1.1 Information Security Policy
SM1.2 Acceptable Use Policies
SM2 Information Security Management
SM2.1 Security Workforce
SM2.2 Information Security Function
SM2.3 Security Operations Centre (SOC)
SM2.4 Information Security Projects
SM2.5 Legal and Regulatory Compliance
SM2.6 Asset Registers
People Management
PM1 Human Resource Security
PM1.1 Employment Lifecycle
PM1.2 Ownership and Responsibilities
PM1.3 Employee-owned Devices
PM1.4 Remote Working
PM2 Security Awareness/Education
PM2.1 Security Awareness Programme
PM2.2 Security Awareness Messages
PM2.3 Security Education/Training
Information Management
IM1 Information Classification and Privacy
IM1.1 Information Classification and Handling
IM1.2 Information Privacy
IM2 Information Protection
IM2.1 Document Management
IM2.2 Sensitive Physical Information
Physical Asset Management
PA1 Equipment Management
PA1.1 Hardware Lifecycle Management
PA1.2 Workstation Configuration
PA1.3 Office Equipment
PA1.4 Portable Storage Devices
PA1.5 Specialised Computing Equipment and Devices
PA1.6 Industrial Control Systems
PA2 Mobile Computing
PA2.1 Mobile Device Protection
PA2.2 Enterprise Mobility Management
PA2.3 Mobile Application Management
System Development
SD1 System Development Management
SD1.1 System Development Methodology
SD1.2 System Development Environments
SD1.3 Quality Assurance
SD2 System Development Lifecycle
SD2.1 Specifications of Requirements
SD2.2 System Design
SD2.3 Software Acquisition
SD2.4 System Build
SD2.5 System Testing
SD2.6 Code Review
SD2.7 System Promotion Criteria
SD2.8 Installation Process
SD2.9 Post-implementation Review
SD2.10 System Decommission
Business Application Management
BA1 Corporate Business Applications
BA1.1 Business Application Protection
BA1.2 Web Application Protection
BA1.3 Information Validation
BA2 End User Developed Applications (EUDA)
BA2.1 EUDA Development
BA2.2 Protection of Spreadsheets
BA2.3 Protection of Databases
System Access
SA1 Access Management
SA1.1 Access Control
SA1.2 User Authorisation
SA1.3 Access Control Mechanisms
SA1.4 Access Control Mechanisms - Password
SA1.5 Access Control Mechanisms - Token
SA1.6 Access Control Mechanisms - Biometric
SA1.7 Sign-on Process
SA2 Customer Access
SA2.1 Customer Access Arrangements
SA2.2 Customer Contracts
SA2.3 Customer Connections
System Management
SY1 System Configuration
SY1.1 Computer and Network Installations
SY1.2 Server Configuration
SY1.3 Virtualisation
SY1.4 Network Storage Systems
SY2 System Maintenance
SY2.1 Service Level Agreements
SY2.2 Performance Monitoring
SY2.3 Backup
SY2.4 Change Management
Networks and Communications
NC1 Network Management
NC1.1 Network Device Configuration
NC1.2 Physical Network Management
NC1.3 Wireless Access
NC1.4 External Network Connections
NC1.5 Firewalls
NC1.6 Remote Maintenance
NC2 Electronic Communications
NC2.1 Email
NC2.2 Collaboration Platforms
NC2.3 Voice Communication Services
Supply Chain Management
SC1 External Supplier Management
SC1.1 Supplier Management Framework
SC1.2 Supplier Procurement
SC1.3 Supplier Contracts
SC2 Cloud Services
SC2.1 Cloud Security Management
SC2.2 Core Cloud Security Controls
Technical Security Management
TS1 Security Solutions
TS1.1 Security Architecture
TS1.2 Malware Protection Activities
TS1.3 Malware Protection Software
TS1.4 Identity and Access Management
TS1.5 Intrusion Detection
TS1.6 Data Leakage Prevention
TS1.7 Digital Rights Management
TS2 Cryptography
TS2.1 Cryptographic Solutions
TS2.2 Cryptographic Key Management
TS2.3 Public Key Infrastructure
Threat and Incident Management
TM1 Cyber Security Resilience
TM1.1 Technical Vulnerability Management
TM1.2 Security Event Logging
TM1.3 Security Event Management
TM1.4 Threat Intelligence
TM1.5 Cyber Attack Protection
TM2 Security Incident Management
TM2.1 Security Incident Management Framework
TM2.2 Security Incident Management Process
TM2.3 Emergency Fixes
TM2.4 Forensic Investigations
Local Environment Management
LC1 Local Environments
LC1.1 Local Environment Profile
LC1.2 Local Security Coordination
LC2 Physical and Environmental Security
LC2.1 Physical Protection
LC2.2 Power Supplies
LC2.3 Hazard Protection
Business Continuity
BC1 Business Continuity Framework
BC1.1 Business Continuity Strategy
BC1.2 Business Continuity Programme
BC1.3 Resilient Technical Environments
BC1.4 Crisis Management
BC2 Business Continuity Process
BC2.1 Business Continuity Planning
BC2.2 Business Continuity Arrangements
BC2.3 Business Continuity Testing
Security Assurance
AS1 Security Performance
AS1.1 Security Assurance Programme
AS1.2 Security Testing
AS1.3 Security Monitoring and Reporting
AS1.4 Information Risk Reporting
AS2 Security Audit
AS2.1 Security Audit Management
AS2.2 Security Audit Process - Planning
AS2.3 Security Audit Process - Fieldwork
AS2.4 Security Audit Process - Reporting
AS2.5 Security Audit Process - Monitoring