Critical Information Infrastructure Guideline Implementation Workbook 1.0

The purpose of the CII Workbook is to:

• Define governance of the Information Security activities and initiatives
• Define roles and responsibilities for the Information Security Program
• Define and implement appropriate information security policies, processes and framework to ensure protection of information and associated information assets
• Define risk management framework to periodically identify and mitigate threats and vulnerabilities to information assets
• Define resources, competency and training requirement to meet the objectives of Information security
• Define continual improvement plan through periodic management reviews, Internal IS audits and performance evaluation