信息安全管理体系 ISO27001 2022版标准(Final Draft)
2022-10-27 20:38:45
916KB
1
ISO 标准——IEC 27001:2005
General
This International Standard has been prepared to provide a model for
establishing, implementing, operating, monitoring, reviewing, maintaining and
improving an Information Security Management System (ISMS). The adoption
of an ISMS should be a strategic decision for an organization. The design and
implementation of an organization’s ISMS is influenced by their needs and
objectives, security requirements, the processes employed and the size and
structure of the organization. These and their supporting systems are expected
to change over time. It is expected that an ISMS implementation will be scaled
in accordance with the needs of the organization, e.g. a simple situation
requires a simple ISMS solution.
This International Standard can be used in order to assess conformance by
interested internal and external parties.
本国际标准的目的是提供建立、实施、运作、监控、评审、维护和改进信息安全管理体系(ISMS)的模型。采用 ISMS 应是一个组织的战略决定。组织 ISMS 的设计和实施受业务需求和目标、安全需求、应用的过程及组织的规模、结构的影响。上述因素和他们的支持系统预计会随事件而变化。希望根据组织的需要去扩充 ISMS 的实施,如,简单的环境是用简单的 ISMS 解决方案。本国际标准可以用于内部、外部评估其符合性。
2022-07-04 12:35:07
905KB
ISO27001的起源与演变
改版影响
新版特点
国际标准的未来框架
新旧版本对比
27001标准条文解读
2021-08-20 01:02:08
1.14MB