LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are the six core domains of an ISMS as applied in practice, and what does each cover?

The six ISMS core domains are Security Measures, Security Exception, IT Risk Assessment, Security Impact Analysis, Security Requirements Modelling, and Security Assessment — together they define, risk-assess, and verify controls.

Core domain Purpose
Security Measures (SM) Document and track defined security measures to mitigate risks (from assessments, exceptions, impact analyses)
Security Exception (SE) Track and approve accepted exceptions for non-compliance with a security requirement
IT Risk Assessment (ITRA) Identify and assess IT-related risks, driving the right measures
Security Impact Analysis (SIA) Structured, process-driven categorization of assets (often CIA-based) to set the protection need and information required for compliance
Security Requirements Modelling (SRM) Risk-based definition of required security controls, controlled per IT asset, based on practice/industry frameworks
Security Assessment (SA) Measure factual information-security and compliance maturity against control objectives, including reporting

From Quiz: ISM / Praktische Anwendung | Updated: Jul 14, 2026