ISO/IEC 27003: 2010二

6 Defining ISMS scope, boundaries and ISMS policy定义ISMS范围，边界及方针

6.1 0verview of defining ISMS scope, boundaries and ISMS policy定义ISMS范围， 边界及方针综述

6.2 Define organizational scope and boundaries定义组织范围及边界

6.3 Define information communication technology (ICT) scope and boundaries定义ICT范围及边界

6.4 Define physical scope and boundaries定义物理范围及边界

6.5Integrate each scope and boundaries to obtain the ISMS scope and boundaries整合所有的范围与边界获得ISMS范围与边界

6.6 Develop the ISMS policy and obtain approval from management开发ISMS方针并获得管理者支持

7 Conducting information security requirements analysis进行信息安全要求分析

7.10verview of conducting information security requirements analysis进行信息安全要求分析综述

7.2 Define information security requirements for the ISMS process为ISMS过程定义信息安全要求

7.3 Identify assets within the ISMS scope识别ISMS范围内的资产

7.4 Conduct an information security assessment进行信息安全风险评估

8 Conducting risk assessment and planning risk treatment进行风险评估及风险处置计划

8.10verview of conducting risk assessment and planning risk treatment进行风险评估及风险处置计划

8.2 Conduct risk assessment进行风险评估

8.3 Select the control objectives and controls选择控制目标及控制措施

8.4 0btain management authorization for implementing and operating an ISMS获得管理者对运行ISMS的批准