This document provides practical guidance for the Information security practice. It is split into seven main sections, covering:
● general information about the practice
● the practice’s processes and activities and their roles in the service value chain
● the organizations and people involved in the practice
● the information and technology supporting the practice
● considerations for partners and suppliers for the practice
● information on assessing and developing the capability of the practice
● recommendations for succeeding in the practice.