The section below, which spans the bulk of this section, will provide an overview of the identified and analysed normative sources. It has to be mentioned, that the identification of the contents for this section has been based on further desk research, experience in auditing activities, and publications by established RM/RA linked organisations (including ENISA, the article 29 Working Party, ISACA, the Basel Committee, the NIST, etc.).
In order to efficiently identify the relevant sections of each normative instrument, most of the texts have undergone extensive examination to determine the context and scope of the relevant sections. For some of the more detailed or less known documents a key word based approach has been followed. Specifically, the analysis of the texts focused on a specific subset of keywords, including:
- Goal related keywords: security - protection - confidentiality - availability - integrity - confidence – assurance, etc.
- Challenge related keywords: risk - danger - threat - loss - incident - hazard – damage, etc.
- Infrastructure related keywords: information - data - network – connectivity, etc.
- Qualification related keywords: criminal - accidental - negligent – harmful, etc.
In this manner, the texts below have all undergone the analysis needed to create an overview document, as described below.