ISO27001信息安全管理体系认证已经成为客户要求必备条件
发布时间: 2016-05-17 23:55 点击:
ISO27001 information security management system certification has become a prerequisite for customer requirements
信息安全在企业风险管理ERM中极为重要,强调对一个组织运行所必需的IT系统和信息的保密性、完整性、可用性的保护,提高投资回报率,降低由信息安全事故造成的损失及业务中断的风险。
Information security in enterprise risk management ERM is extremely important, stressed that are necessary for the operation of an organization's IT systems and information confidentiality, integrity, availability, and protection, improve the rate of return on investment, reduce the risk caused by information security accident damage and business interruption.
ISO27001体系自国际标准化组织颁布为国际标准ISO 27001:2005,成为“信息安全管理”之国际通用语言,于2013年9月27日更新改版为ISO27001: 2013,与ISO 9000和ISO 20000结合更加紧密。ISO27001已被全球一万八千多家政府机构和知名企业所采用。
ISO27001 system from the international organization for standardization issued to the international standard ISO 27001:2005, become "information security management" of the international language, on September 27, 2013 update revision for 2013 ISO27001:, combined with ISO 9000 and ISO 20000 more closely. ISO27001 has been adopted by the ten thousand world more than 8000 government institutions and well-known enterprises.
其方法是通过“风险评估”、“风险管理”切入企业的信息安全需求,有效降低企业面临的风险。在ISO27001:2005中有11个领域133个控制点,而在ISO27001:2013中有14个领域114个控制点(删除了旧版中39个控制点,新增了20个控制点) 。
Its way is through the risk assessment, risk management cut into the information security needs of enterprises, effectively reduce the risk of enterprise. In ISO27001:2005 there are 11 areas of 133 control points, and in the ISO27001:2013 there are 14 areas in 114 control points (delete the old version of the 39 control points, 20 new control points).
Establishment of information security management system (ISMS) has become a variety of organizations, especially high-tech industries, financial institutions, such as the management of operational risk is an indispensable important mechanism. In certain industries, such as software outsourcing, ISO27001 certification has become a prerequisite for customer requirements.