Establishment of information security objectives for ISO27001 certification
Published: 2020-12-01 10:38
Ensure that the identified information assets meet all information security requirements, including laws and regulations, the requirements of customers and related parties, and the organization's business requirements. Specific objectives include:
1. Zero information leakage incidents.
2. The cumulative interruption time of the organization's main business shall not exceed 2 h/year.
3. Events that interrupt the organization's main business occur fewer than 1 time/year.
4. Events that seriously affect the availability of network and information systems occur fewer than 1 time/year.
5. When an information security incident occurs, the goals are to minimize the loss, minimize the recovery time, and avoid recurrence.