# ISO 27001 Controls and Domains

ISO 27001 is structured around 14 domains, comprising a total of 114 controls. These domains and controls form the backbone of an effective Information Security Management System (ISMS). Here's a high-level introduction:

1. **Information Security Policies** (2 controls): Establish and review security policies.
2. **Organization of Information Security** (7 controls): Set up a framework for managing security.
3. **Human Resource Security** (6 controls): Ensure security from pre-employment to termination.
4. **Asset Management** (10 controls): Manage assets and assign ownership.
5. **Access Control** (14 controls): Restrict access to information based on business needs.
6. **Cryptographic Controls** (2 controls): Ensure proper use and management of cryptography.
7. **Physical and Environmental Security** (15 controls): Protect physical areas and equipment.
8. **Operational Security** (14 controls): Secure operations and ensure system integrity.
9. **Communications Security** (7 controls): Secure network services and data transfer.
10. **System Acquisition, Development, and Maintenance** (13 controls): Integrate security in the development lifecycle.
11. **Supplier Relationships** (5 controls): Manage risks from supplier interactions.
12. **Information Security Incident Management** (7 controls): Plan and respond to security incidents.
13. **Information Security Aspects of Business Continuity Management** (4 controls): Maintain security during disruptions.
14. **Compliance** (8 controls): Ensure adherence to legal, regulatory, and contractual requirements.

These controls collectively help organizations manage information security risks and protect their information assets effectively.