DIN ISO/IEC 27001-2008 Information technology. Security techniques. Information security management systems. Requirements
Author: 标准资料网 Time: 2024-05-11 04:11:00 Views: 8723
Source: 标准资料网
【English standard title】: Information technology - Security techniques - Information security management systems - Requirements (ISO/IEC 27001:2005); English version of DIN ISO/IEC 27001:2008-09
【Original standard title】: Information technology. Security techniques. Information security management systems. Requirements
【Standard number】: DIN ISO/IEC 27001-2008
【Standard status】: Current
【Country】: Germany
【Publication date】: 2008-09
【Implementation or trial date】:
【Issuing body】: German Institute for Standardization (DE-DIN)
【Drafting body】:
【Standard type】: ()
【Standard level】: ()
【Chinese subject terms】: Computer networks; computer technology; computers; data exchange; data processing; data protection; data security; data storage protection; definitions; documents; information security; information systems; information technology; IT security; maintenance; management; security management
【English subject terms】: Computer networks; Computer technology; Computers; Data exchange; Data processing; Data protection; Data security; Data storage protection; Definition; Definitions; Documents; Information security; Information systems; Information technology; IT security; Maintenance; Management; Security management
【Abstract】: 1.1 General This International Standard covers all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations). This International Standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. The ISMS is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. NOTE 1: References to 'business' in this International Standard should be interpreted broadly to mean those activities that are core to the purposes for the organization's existence. NOTE 2: ISO/IEC 17799 provides implementation guidance that can be used when designing controls. 1.2 Application The requirements set out in this International Standard are generic and are intended to be applicable to all organizations, regardless of type, size and nature. Excluding any of the requirements specified in Clauses 4, 5, 6, 7, and 8 is not acceptable when an organization claims conformity to this International Standard. Any exclusion of controls found to be necessary to satisfy the risk acceptance criteria needs to be justified and evidence needs to be provided that the associated risks have been accepted by accountable persons. Where any controls are excluded, claims of conformity to this International Standard are not acceptable unless such exclusions do not affect the organization's ability, and/or responsibility, to provide information security that meets the security requirements determined by risk assessment and applicable legal or regulatory requirements. NOTE: If an organization already has an operative business process management system (e.g. in relation with ISO 9001 or ISO 14001), it is preferable in most cases to satisfy the requirements of this International Standard within this existing management system.
【Chinese Standard Classification number】: L70
【International Classification for Standards number】: 35_040
【Pages】: 39P.; A4
【Language of text】: English