ISO27001将信息安全管理体系通过PDCA过程来实现持续完善
发布时间: 2011-11-08 11:57 点击:
ISO27001 realizes continuous improvement of information security management system through PDCA process
ISO27001将信息安全放在一个信息系统中来看待,它引入了安全政策、组织安全,从宏观上将信息安全融入到整个组织的政策中以加强信息安全。
ISO27001 regards information security in an information system. It introduces security policy and organizational security, and integrates information security into the policies of the whole organization from a macro perspective to strengthen information security.
同时它也引入了业务持续性管理、符合性等措施,将信息安全与组织的业务紧密联系在一起,将业务目标作为实现信息安全的导向。
At the same time, it also introduces business continuity management, compliance and other measures to closely link information security with the organization's business, and takes business objectives as the guidance to achieve information security.
人的因素仍然是网络安全管理的重要因素,ISO27001相应地引入了人事安全等措施以控制人的因素所造成的风险。
The human factor is still an important factor in network security management. ISO27001 correspondingly introduces personnel security measures to control the risks caused by human factors.
ISO27001所设定的ISMS是一个动态的可以自身完善的系统,它通过PDCA过程来实现持续完善。
Isms set by ISO27001 is a dynamic and self-improvement system, which can be continuously improved through PDCA process.