
Type: ISO IEC 27002-2013 Information technology - Security techniques - Code of practice for information security controls.pdf

  • Uploader: max1024
  • Document ID: 100758174
  • Upload date: 2023-07-23
  • Format: PDF
  • Pages: 90
  • Size: 926.05KB

Keywords:
ISO IEC 27002-2013 Information technology Security techniques Code of practice for controls 27002 20
Description:
INTERNATIONAL STANDARD ISO/IEC 27002
Second edition, 2013-10-01

Information technology - Security techniques - Code of practice for information security controls

Technologies de l'information - Techniques de sécurité - Code de bonne pratique pour le management de la sécurité de l'information

Reference number: ISO/IEC 27002:2013(E)
© ISO/IEC 2013

ISO/IEC 27002:2013(E) - ii - © ISO/IEC 2013 All rights reserved

COPYRIGHT PROTECTED DOCUMENT

© ISO/IEC 2013. All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Case postale 56, CH-1211 Geneva 20
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
E-mail: copyright@iso.org
Web: www.iso.org

Published in Switzerland

Contents (with page numbers)

Foreword (p. v)
0 Introduction (p. vi)
1 Scope (p. 1)
2 Normative references (p. 1)
3 Terms and definitions (p. 1)
4 Structure of this standard (p. 1)
4.1 Clauses (p. 1)
4.2 Control categories (p. 1)
5 Information security policies (p. 2)
5.1 Management direction for information security (p. 2)
6 Organization of information security (p. 4)
6.1 Internal organization (p. 4)
6.2 Mobile devices and teleworking (p. 6)
7 Human resource security (p. 9)
7.1 Prior to employment (p. 9)
7.2 During employment (p. 10)
7.3 Termination and change of employment (p. 13)
8 Asset management (p. 13)
8.1 Responsibility for assets (p. 13)
8.2 Information classification (p. 15)
8.3 Media handling (p. 17)
9 Access control (p. 19)
9.1 Business requirements of access control (p. 19)
9.2 User access management (p. 21)
9.3 User responsibilities (p. 24)
9.4 System and application access control (p. 25)
10 Cryptography (p. 28)
10.1 Cryptographic controls (p. 28)
11 Physical and environmental security (p. 30)
11.1 Secure areas (p. 30)
11.2 Equipment (p. 33)
12 Operations security (p. 38)
12.1 Operational procedures and responsibilities (p. 38)
12.2 Protection from malware (p. 41)
12.3 Backup (p. 42)
12.4 Logging and monitoring (p. 43)
12.5 Control of operational software (p. 45)
12.6 Technical vulnerability management (p. 46)
12.7 Information systems audit considerations (p. 48)
13 Communications security (p. 49)
13.1 Network security management (p. 49)
13.2 Information transfer (p. 50)
14 System acquisition, development and maintenance (p. 54)
14.1 Security requirements of information systems (p. 54)
14.2 Security in development and support processes (p. 57)
14.3 Test data (p. 62)
15 Supplier relationships (p. 62)
15.1 Information security in supplier relationships (p. 62)
15.2 Supplier service delivery management (p. 66)
16 Information security incident management (p. 67)
16.1 Management of information security incidents and improvements (p. 67)
17 Information security aspects of business continuity management (p. 71)
17.1 Information security continuity (p. 71)
17.2 Redundancies (p. 73)
18 Compliance (p. 74)
18.1 Compliance with legal and contractual requirements (p. 74)
18.2 Information security reviews (p. 77)
Bibliography (p. 79)

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

ISO/IEC 27002 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

This second edition cancels and replaces the first edition (ISO/IEC 27002:2005), which has been technically and structurally revised.

0 Introduction

0.1 Background and context

This International Standard is designed for organizations to use as a reference for selecting controls within the process of implementing an Information Security Management System (ISMS) based on ISO/IEC 27001 [10] or as a guidance document for organizations implementing commonly accepted information security controls. This standard is also intended for use in developing industry- and organization-specific information security management guidelines, taking into consideration their specific information security risk environment(s). Organizations of all types and sizes (including public and private sector, commercial and non-profit)
About this document
Title: ISO IEC 27002-2013 Information technology - Security techniques - Code of practice for information security controls.pdf
Link: https://www.wdfxw.net/doc100758174.htm
Copyright: www.WDFXW.net