Introduction to the ISO 27001:2013 Information Security Management System
Published: 2021-12-15 19:00
The ISO 27000 series of standards, jointly published by ISO/IEC, outlines hundreds of controls and control mechanisms to help organizations of all types and sizes keep their information assets secure.
These international standards provide a framework for policies and processes that covers all of the legal, physical and technical controls involved in an organization's information risk management process.
ISO 27001 is the standard that formally specifies an information security management system (ISMS); its aim is to achieve information security through explicit management controls.
As a formal specification, it sets out the requirements that define how an ISMS is to be implemented, monitored, maintained and continually improved.
It also specifies a set of best practices, including documentation requirements, assignment of responsibilities, availability, access control, security, auditing, and corrective and preventive actions.
Achieving ISO 27001 certification helps an organization comply with the various regulations and legal requirements that relate to information security.