part Section I: Evaluating and Measuring an Information Security Program -- chapter 1 Information Security Risk Assessment Model (ISRAM™) -- chapter 2 Global Information Security Assessment Methodology (GISAM™) -- chapter 3 The Culmination of ISRAM and GISAM -- chapter 4 KRI Security Baseline Controls -- chapter 5 History of the Standard -- chapter 6 Overview -- part Section II: Analysis of ISO/IEC 17799:2005 (27002) Controls -- chapter 7 Security Policy -- chapter 8 Organization of Information Security -- chapter 9 Asset Management -- chapter 10 Human Resources Security -- chapter 11 Physical and Environmental Security -- chapter 12 Communications and Operations Management -- chapter 13 Access Control -- chapter 14 Information Systems Acquisition, Development, and Maintenance -- chapter 15 Information Security Incident Management -- chapter 16 Information Security Aspects of Business Continuity Management -- chapter 17 Compliance with Legal Requirements -- chapter ISO Standards Cited in ISO/IEC 17799:2005.