Ace the 2025 Certified Governance Risk & Compliance (CGRC) Challenge – Navigate the Governance Maze with Confidence!

The domains outlined in ISO 17799, which is now officially recognized as ISO/IEC 27002, indeed encompass a broad range of areas that are vital for establishing and maintaining effective information security practices within an organization.

One of the fundamental aspects of these domains is the information security policy for the organization. This domain emphasizes the necessity for setting up a comprehensive security policy that directs and governs the organization’s approach to managing information security. It serves as the foundation for creating a security framework, guiding personnel on their responsibilities and the measures in place to protect information assets.

The inclusion of a strong information security policy ensures that security practices align with the organization’s objectives and regulatory requirements, helping to mitigate risks associated with information security breaches. By establishing such a policy, organizations can better manage their information security requirements and cultivate a culture of security awareness.

While system architecture management, business continuity management, and personnel security are indeed important aspects of information security, they are not specifically outlined as the primary domains in ISO 17799. Each of these areas are important components of a comprehensive security strategy but are categorized under different sections or guidelines within information security management frameworks rather than being the primary focus of security policy formation.