DIN ISO/IEC 27001:2008
信息技术.安全技术.信息安全管理系统.要求
Information technology - Security techniques - Information security management systems - Requirements (ISO/IEC 27001:2005); English version of DIN ISO/IEC 27001:2008-09
- 标准号
- DIN ISO/IEC 27001:2008
- 发布
- 2008年
- 发布单位
- 德国标准化学会
- 替代标准
- DIN ISO/IEC 27001:2015
- 当前最新
- DIN ISO/IEC 27001 Berichtigung 1:2017-03
- 引用标准
- ISO/IEC 17799:2005
- 被代替标准
- DIN ISO/IEC 27001:2007
- 适用范围
- 1.1 General This International Standard covers all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations). This International Standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. The ISMS is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. NOTE 1: References to 'business' in this International Standard should be interpreted broadly to mean those activities that are core to the purposes for the organization's existence. NOTE 2: ISO/IEC 17799 provides implementation guidance that can be used when designing controls. 1.2 Application The requirements set out in this International Standard are generic and are intended to be applicable to all organizations, regardless of type, size and nature. Excluding any of the requirements specified in Clauses 4, 5, 6, 7, and 8 is not acceptable when an organization claims conformity to this International Standard. Any exclusion of controls found to be necessary to satisfy the risk acceptance criteria needs to be justified and evidence needs to be provided that the associated risks have been accepted by accountable persons. Where any controls are excluded, claims of conformity to this International Standard are not acceptable unless such exclusions do not affect the organization's ability, and/or responsibility, to provide information security that meets the security requirements determined by risk assessment and applicable legal or regulatory requirements. NOTE: If an organization already has an operative business process management system (e.g. in relation with ISO 9001 or ISO 14001), it is preferable in most cases to satisfy the requirements of this International Standard within this existing management system.
DIN ISO/IEC 27001:2008相似标准
推荐
一图读懂 | 《信息安全技术 关键信息基础设施安全保护要求》
点击上方蓝字“中国认可”关注我们信息来源:市说新语...
工业控制系统信息安全之路,任重道远
工业控制系统信息安全之路,任重道远——写在《工业控制系统信息安全》专刊出版之前 2014年11月5日,由中国自动化学会《自动化博览》杂志社出版的《工业控制系统信息安全》专刊,将于上海全国发行。在这本专刊出版之前,我想和大家聊聊这本专刊的“那点事儿”。 从最初有了做一本真正的工业控制系统信息安全专刊的想法开始,到最终“拍板”决定做,其实是一个特别快速的过程。...
工业控制系统信息安全防护能力评估工作管理办法
,综合评价工业企业工业控制系统信息安全防护能力,制定《工业控制系统信息安全防护能力评估工作管理办法》。...
浅谈工业控制系统信息安全运维
以资产管理为基础,以风险管理为核心,以事件管理为主线,辅以有效的管理、监视与响应功能,从而构建动态可信的工业控制系统信息安全运维体系。小威也将在工业控制系统信息安全运维建设过程中添砖加瓦!(来源:威努特工控安全)...