ISO/IEC17001信息安全管理体系认证的发展与基本内容
发布时间: 2016-03-13 12:20 点击:
ISO/IEC17001信息安全管理体系认证的发展与基本内容
Development and basic content of ISO/IEC17001 information security management system certification
信息安全管理实用规则ISO/IEC27001的前身为英国的BS7799标准,该标准由英国标准协会(BSI)于1995年2月提出,并于1995年5月修订而成的。
Information security management utility rule ISO/IEC27001 formerly known as the UK's BS7799 standard, which was proposed by the British Standards Institute (BSI) in February 1995, and was revised in May 1995.
1999年BSI重新修改了该标准。BS7799分为两个部分:BS7799-1,信息安全管理实施规则 BS7799-2,信息安全管理体系规范。
In 1999, BSI revised the standard. BS7799 is divided into two parts: BS7799-1, BS7799-2 code of practice for information security management, information security management systems specification.
第一部分对信息安全管理给出建议,供负责在其组织启动、实施或维护安全的人员使用;
The first part of the information security management recommendations for implementation, responsible for starting or maintenance of security personnel in the organization;
第二部分说明了建立、实施和文件化信息安全管理体系(ISMS)的要求,规定了根据独立组织的需要应实施安全控制的要求。
The second part describes the establishment, implementation and documentation of information security management system (ISMS) requirements stipulated according to the needs of independent organization should implement safety control requirements.