2.1 Structure
| No: 381000091275 | Date(g): 24/5/2017 | Date(h): 28/8/1438 | Status: In-Force |
Effective from May 24 2017 - May 23 2017
To view other versions open the versions tab on the right
| The Framework is structured around four main domains, namely: | |
| • | Cyber Security Leadership and Governance. |
| • | Cyber Security Risk Management and Compliance. |
| • | Cyber Security Operations and Technology. |
| • | Third Party Cyber Security. |
| For each domain, several subdomains are defined. A subdomain focusses on a specific cyber security topic. Per subdomain, the Framework states a principle, objective and control considerations. | |
| • | A principle summarizes the main set of required cyber security controls related to the subdomain. |
| • | The objective describes the purpose of the principle and what the set of required cyber security controls are expected to achieve. |
| • | The control considerations reflects the mandated cyber security controls that should be considered. |
| Control considerations have been uniquely numbered throughout the Framework. Where applicable, a control consideration can consist of up to 4 levels. | |
| The control considerations are numbered according to the following numbering system: | |
 | |
Figure 1 - Control consideration numbering system | |
| The figure below illustrates the overall structure of the Framework and indicates the cyber security domains and subdomains, including a reference to the applicable section of the Framework. | |
 | |
Figure 2 - Cyber Security Framework | |