ISO27001认证 信息安全ISO27001体系建设实施方法
发布时间: 2012-12-21 17:04 点击:
ISO27001作为信息安全管理领域的权威标准,经过多年的实践和优化改进,目前已是全球业界一致公认的辅助信息安全治理的手段和最佳指导。
As the authoritative standard in the field of information security management, after years of practice and optimization, ISO27001 has been recognized as the means and the best guidance of information security governance in the global industry.
这是一个通用型的国际标准,在金融行业、制造业、航空运输、互联网行业等等各个领域都有良好的最佳实践成功案例。
This is a universal international standard, and there are good successful cases of best practice in various fields such as financial industry, manufacturing industry, air transportation, Internet industry, etc.
组织或企业或机构,都可以参考此标准构建符合组织自身环境和需求的信息安全管理体系。
Organizations or enterprises or institutions can refer to this standard to build information security management system that conforms to the environment and needs of the organization.
ISO27001体系建设实施方法
Implementation method of ISO27001 system construction
项目的目标达成和预期收益,是项目核心关注点。上图示例的项目方法论,是一套全面、系统化的实施方法论。
The target achievement and expected income of the project are the core concerns of the project. The project methodology in the example above is a comprehensive and systematic implementation methodology.
从策略、结构、流程、人员、技术五个维度,导入标准,实施优化和变革。之后,以运维变更管理为主轴,实现持续运营。
From the five dimensions of strategy, structure, process, personnel and technology, the standards are introduced and optimized and reformed. After that, the operation and maintenance change management is taken as the main axis to realize continuous operation.
我们都知道,信息安全不是一次标准导入、一次评估审计整改,就能达到预期目标和目的的。信息安全的建设,需要一个良好的运作机制,实现持续运营,持续改进,以推进信息安全治理不断达到新高度。
As we all know, information security is not a standard introduction, evaluation, audit and rectification, which can achieve the expected goals and objectives. The construction of information security needs a good operation mechanism to realize continuous operation and continuous improvement, so as to promote the information security governance to reach a new height.