Standard
AS ISO 22340:2024
[Current] Security and resilience - Protective security - Guidelines for an enterprise protective security architecture and framework
AS ISO 22340:2024 identically adopts ISO 22340:2024, which provides guidance on the enterprise protective security architecture and the framework of protective security policies, processes and controls necessary to mitigate and manage security risks across the protective security domains.
Published: 20/12/2024
Pages: 30
Table of contents
Header
About this publication
Preface
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Enterprise protective security architecture
4.1 General
4.2 Integration
4.3 Elements of the architecture
5 Protective security principles and domains
5.1 Protective security principles
5.2 Protective security domains
6 Security governance domain
6.1 Objective
6.2 Security controls
6.2.1 The responsible security executive
6.2.2 Security management structure
6.2.2.1 General
6.2.2.2 Managing security risk
6.2.2.3 Security programme
6.2.2.3.1 General
6.2.2.3.2 Scope
6.2.2.3.3 Context
6.2.2.3.4 Criteria
6.2.2.3.5 Communication and consultation
6.2.2.3.6 Recording and reporting
6.2.2.3.7 Monitoring and review
6.2.2.4 Risk assessment and treatment
6.2.2.4.1 General
6.2.2.4.2 Risk analysis
6.2.2.4.3 Risk evaluation
6.2.2.4.4 Risk treatment
6.2.2.5 Security planning
6.2.2.6 External engagement
6.2.2.7 Security performance
6.2.2.8 Performance monitoring
6.2.2.9 Service providers and other external or third parties
6.3 Implementation
7 Personnel security domain
7.1 Objective
7.2 Security controls
7.2.1 General
7.2.2 Eligibility and suitability of personnel
7.2.3 Ongoing assessment of personnel
7.2.4 Separating personnel
7.2.5 Cooperation between human resources and security in applying controls
7.3 Implementation
8 Information security domain
8.1 Objective
8.2 Security controls
8.2.1 Business impact and security classification of information
8.2.2 Control access to the organization’s information
8.3 Implementation
9 Cybersecurity domain
9.1 Objective
9.2 Security controls
9.2.1 Defining the system and selecting security controls
9.2.2 Implementing and evaluating security controls
9.2.3 Authorizing cyber systems
9.2.4 Monitoring cyber systems
9.3 Implementation
9.4 Rapid development of the digital domain
10 Physical security domain
10.1 Objective
10.2 Security controls
10.2.1 Organizational physical assets
10.2.2 Organizational facilities
10.3 Implementation
11 Developing the organization’s security maturity
Bibliography
Cited references in this standard