
Type: ISO IEC 27001-2013 Information technology - Security techniques - Information security management systems - Requirements.pdf

  • Uploaded by: max1024
  • Document ID: 100758137
  • Upload date: 2023-07-23
  • Format: PDF
  • Pages: 30
  • Size: 296.53KB
    Keywords:
    ISO IEC 27001-2013 Information technology Security techniques management systems Requirements 27001
    Resource description:
    INTERNATIONAL STANDARD ISO/IEC 27001, Second edition, 2013-10-01. Reference number ISO/IEC 27001:2013(E).

    Information technology - Security techniques - Information security management systems - Requirements
    Technologies de l'information - Techniques de sécurité - Systèmes de management de la sécurité de l'information - Exigences

    COPYRIGHT PROTECTED DOCUMENT
    © ISO/IEC 2013. All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.
    ISO copyright office, Case postale 56, CH-1211 Geneva 20. Tel. +41 22 749 01 11, Fax +41 22 749 09 47, E-mail copyright@iso.org, Web www.iso.org. Published in Switzerland.

    Contents (page)
    Foreword  iv
    0 Introduction  v
    1 Scope  1
    2 Normative references  1
    3 Terms and definitions  1
    4 Context of the organization  1
    4.1 Understanding the organization and its context  1
    4.2 Understanding the needs and expectations of interested parties  1
    4.3 Determining the scope of the information security management system  1
    4.4 Information security management system  2
    5 Leadership  2
    5.1 Leadership and commitment  2
    5.2 Policy  2
    5.3 Organizational roles, responsibilities and authorities  3
    6 Planning  3
    6.1 Actions to address risks and opportunities  3
    6.2 Information security objectives and planning to achieve them  5
    7 Support  5
    7.1 Resources  5
    7.2 Competence  5
    7.3 Awareness  5
    7.4 Communication  6
    7.5 Documented information  6
    8 Operation  7
    8.1 Operational planning and control  7
    8.2 Information security risk assessment  7
    8.3 Information security risk treatment  7
    9 Performance evaluation  7
    9.1 Monitoring, measurement, analysis and evaluation  7
    9.2 Internal audit  8
    9.3 Management review  8
    10 Improvement  9
    10.1 Nonconformity and corrective action  9
    10.2 Continual improvement  9
    Annex A (normative) Reference control objectives and controls  10
    Bibliography  23

    Foreword
    ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
    International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
    The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75% of the national bodies casting a vote.
    Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
    ISO/IEC 27001 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques.
    This second edition cancels and replaces the first edition (ISO/IEC 27001:2005), which has been technically revised.

    0 Introduction
    0.1 General
    This International Standard has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system. The adoption of an information security management system is a strategic decision for an organization. The establishment and implementation of an organization's information security management system is influenced by the organization's needs and objectives, security requirements, the organizational processes used and the size and structure of the organization. All of these influencing factors are expected to change over time.
    The information security management system preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed.
    It is important that the information security management system is part of and integrated with the organization's processes and overall management structure and that information security is considered in the design of processes, information systems, and controls. It is expected that an information security management system implementation will be sca
    About this document
    Link: https://www.wdfxw.net/doc100758137.htm