ABSTRACT
The security baseline proposed in this chapter is built on the key risk indicator (KRI) controls identified in Chapter 2. Of the possible 133 controls in the ISO/IEC 17799:2005 (27002), I have identified 35 controls as KRI controls. These controls are critical and paramount to every information security program, independent of organization or industry. Each of the 35 controls will be listed in the forthcoming sections. The rationale of why they should be considered as a security baseline is described and included within the text. Requirements for implementation and assessment are beyond the scope of this chapter, and if additional guidance is required, refer to Chapters 7 through 17 as needed as well as the official standard itself.
