
What is the workflow for the ISO27001 certification status survey and risk assessment?

Published: 2018-07-04 00:51

What is the workflow for the status survey and risk assessment?
1. Preparation stage: determine the scope of the information security management system, set up a risk assessment team, draw up a risk assessment plan, and determine the risk assessment methods and tools;
2. Status survey: survey the organization's business operation processes, security management organization, assets, information system network topology, security controls, and the applicability and implementation of laws and regulations;
• List the information-related assets and assign a value to each asset;
• Identify the threats each asset faces and evaluate their likelihood of occurrence and potential impact;
• Identify the vulnerabilities that the threats can exploit and evaluate how easily they can be exploited;
• Confirm the existing security controls;
• Measure the level of risk and determine the control priority;
• Review and approve the risk assessment results;
• Compile a list of applicable laws and regulations and assess compliance with them;
• Results analysis and evaluation: the main task is to analyze the survey results, identify deficiencies in information security management and the information security risks facing the organization, clarify the information security requirements, and select and implement appropriate controls to reduce risk to an acceptable level.
(Editor in charge: 奔跑的稀饭)


Copyright © 2011-2020 中鸿认证咨询网 www.cnqr.org蜀ICP备1500852