ISO 27001 Information Security Management System Certification Standard Framework (published 2016-03-13 12:27)
This standard comprises 11 control domains, 39 control objectives and 133 controls.
During implementation, an organization may select the applicable controls according to its actual circumstances, its legal and regulatory obligations and its contractual commitments, and may also add further controls of its own.
1) Security policy (demonstrating the enterprise's support for and commitment to the information security management system)
2) Organization of information security (establishing a management structure for governing and controlling information security within the company)
3) Asset management (ensuring that all of the organization's assets are effectively protected)
4) Human resources security (defining the security responsibilities and roles of all personnel)
5) Physical and environmental security (setting security requirements for the organization's operating premises)
6) Communications and operations management (improving communication and coordination inside and outside the company so that the information security management system runs smoothly)
7) Access control (managing access to information assets)
8) Information systems acquisition, development and maintenance (ensuring that the company's IT projects and related support activities have security controls implemented)
9) Information security incident management (reporting information security incidents and taking corrective action, so that an effective incident management procedure is in place)
10) Business continuity management (developing a business continuity plan to protect the enterprise's core business from interruption by, and the impact of, major disasters)
11) Compliance (meeting legal, regulatory and contractual requirements)