+ISMS.1.A2 Defining Security Objectives and Strategy [Top Management] (B)

1. Overview

ISMS.1.A2 Defining Security Objectives and Strategy [Top Management] (B)

An organisation's Top Management MUST initiate and establish the security process. For this
purpose, the Top Management MUST define and document appropriate security objectives
and an information security strategy. Conceptual specifications MUST be developed and
organisational framework conditions established to enable the proper and secure handling of
information within all the organisation's business processes or specialised tasks.
The Top Management MUST support and take responsibility for its organisation's security
strategy and security objectives. The Top Management MUST regularly review these security
objectives and the security strategy to ensure that they are still relevant and appropriate and
can be implemented effectively.

Summary	Standard

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source	Requirement

3. Related Regulations

Regulations
Source	Regulation

ITGC -
Bundesamt für Sicherheiter in der Informationstechnik - IT-Grundschutzkompendium Stand 2022