Introduction to the ISO/IEC 27000 series of standards
Published: 2012-02-04 11:41
As of May 18, 2006, ISO/IEC JTC1/SC27/WG1 had five standards in this series under development:
ISO/IEC 27000
ISO/IEC 27000 (Information security management system fundamentals and vocabulary) is a class A standard.
ISO/IEC 27000 provides the common terminology and basic principles used across the ISMS family of standards, and is one of the most fundamental standards in that family.
Every standard in the ISMS family has its own "Terms and definitions" section, but the terms used by the different standards are often not harmonized; the main purpose of ISO/IEC 27000 is to achieve that harmonization.
ISO/IEC 27000 is currently at the WD (working draft) stage and is being studied and circulated for comment within SC27.
ISO/IEC 27003
ISO/IEC 27003 (Information security management system implementation guidance) is a class C standard.
ISO/IEC 27003 provides implementation guidance and further information for establishing, implementing, monitoring, reviewing, maintaining and improving an ISMS that conforms to ISO/IEC 27001. Its intended users are mainly the people within an organization who are responsible for implementing the ISMS.
The standard sets out the critical success factors for ISMS implementation. Implementation follows the PDCA model required by ISO/IEC 27001, and the standard further describes the activities of each phase together with detailed implementation guidance.
ISO/IEC 27003 is also currently at the WD stage and is being studied and circulated for comment within SC27.
ISO/IEC 27004
ISO/IEC 27004 (Information security management measurements) is a class C standard.
The standard mainly provides guidance for organizations on measuring the effectiveness of information security controls and of ISMS processes.
The standard divides measurement into two categories, effectiveness measurement and process measurement, and lists a range of measurement methods, such as questionnaires, observation, knowledge assessment, inspection, re-performance, testing (both design testing and operational testing) and sampling.
The standard defines the ISMS measurement process. First, to implement ISMS measurement, the organization should define and select the measures, determine the objects of measurement and the verification criteria, and produce a measurement plan. While carrying out ISMS measurement, it should define the procedures for data collection, analysis and reporting, review and approve them, and provide the resources needed to support the measurement activities. In the Check and Act phases of the ISMS, the measures themselves should also be improved, which requires first defining evaluation criteria for the measurement process, monitoring the measurement process, and reviewing it periodically.
The standard is now at the CD (committee draft) stage and is expected to be completed in 2008.
ISO/IEC 27005
ISO/IEC 27005 (Information security risk management) is a class C standard. It provides guidance on information security risk management; the techniques it describes follow the general concepts, models and processes of ISO/IEC 27001.
The standard introduces the general risk management process and concentrates on several of its key elements, including risk assessment, risk treatment and risk acceptance. Its annexes give methods for assessing assets, impacts, vulnerabilities and risks, and list common threats and vulnerabilities. Finally, it gives methods for selecting controls according to different communication systems and different security problems and threats.
The standard is currently at the Final CD (final committee draft) stage.
ISO/IEC 27006
ISO/IEC 27006 (Requirements for the accreditation of bodies providing certification of information security management systems) is a class D standard.
The standard's main content is a set of requirements and specifications for bodies that perform ISMS certification; in other words, it specifies what conditions a body must meet before it may carry out ISMS certification.
The standard is currently at the Final CD (final committee draft) stage.