Information Security Risk Management Standard

This standard defines how the organization classifies their systems and data, such as confidential, internal, and public, so that the correct controls can be put into place based on the classification.