ISO IEC 27000-2018 - Information technology - Security techniques - Information security management systems - Overview and vocabulary.pdf
- Document ID: 14660588
- Upload date: 2023-06-25
- Format: PDF
- Pages: 34
- Size: 1,008.23KB
INTERNATIONAL STANDARD ISO/IEC 27000
Fifth edition 2018-02

Information technology - Security techniques - Information security management systems - Overview and vocabulary

Technologies de l'information - Techniques de sécurité - Systèmes de management de la sécurité de l'information - Vue d'ensemble et vocabulaire

Reference number ISO/IEC 27000:2018(E)
© ISO/IEC 2018

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2018
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.
ISO copyright office
CP 401, Ch. de Blandonnet 8
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
Published in Switzerland
Contents (page)

Foreword ... iv
Introduction ... v
1 Scope ... 1
2 Normative references ... 1
3 Terms and definitions ... 1
4 Information security management systems ... 11
4.1 General ... 11
4.2 What is an ISMS? ... 11
4.2.1 Overview and principles ... 11
4.2.2 Information ... 12
4.2.3 Information security ... 12
4.2.4 Management ... 12
4.2.5 Management system ... 13
4.3 Process approach ... 13
4.4 Why an ISMS is important ... 13
4.5 Establishing, monitoring, maintaining and improving an ISMS ... 14
4.5.1 Overview ... 14
4.5.2 Identifying information security requirements ... 14
4.5.3 Assessing information security risks ... 15
4.5.4 Treating information security risks ... 15
4.5.5 Selecting and implementing controls ... 15
4.5.6 Monitor, maintain and improve the effectiveness of the ISMS ... 16
4.5.7 Continual improvement ... 16
4.6 ISMS critical success factors ... 17
4.7 Benefits of the ISMS family of standards ... 17
5 ISMS family of standards ... 18
5.1 General information ... 18
5.2 Standard describing an overview and terminology: ISO/IEC 27000 (this document) ... 19
5.3 Standards specifying requirements ... 19
5.3.1 ISO/IEC 27001 ... 19
5.3.2 ISO/IEC 27006 ... 20
5.3.3 ISO/IEC 27009 ... 20
5.4 Standards describing general guidelines ... 20
5.4.1 ISO/IEC 27002 ... 20
5.4.2 ISO/IEC 27003 ... 20
5.4.3 ISO/IEC 27004 ... 21
5.4.4 ISO/IEC 27005 ... 21
5.4.5 ISO/IEC 27007 ... 21
5.4.6 ISO/IEC TR 27008 ... 21
5.4.7 ISO/IEC 27013 ... 22
5.4.8 ISO/IEC 27014 ... 22
5.4.9 ISO/IEC TR 27016 ... 22
5.4.10 ISO/IEC 27021 ... 22
5.5 Standards describing sector-specific guidelines ... 23
5.5.1 ISO/IEC 27010 ... 23
5.5.2 ISO/IEC 27011 ... 23
5.5.3 ISO/IEC 27017 ... 23
5.5.4 ISO/IEC 27018 ... 24
5.5.5 ISO/IEC 27019 ... 24
5.5.6 ISO 27799 ... 25
Bibliography ... 26
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee ISO/IEC JTC 1, Information technology, SC 27, IT Security techniques.

This fifth edition cancels and replaces the fourth edition (ISO/IEC 27000:2016), which has been technically revised. The main changes compared to the previous edition are as follows:

- the Introduction has been reworded;
- some terms and definitions have been removed;
- Clause 3 has been aligned on the high-level structure for MSS;
- Clause 5 has been updated to reflect the changes in the standards concerned;
- Annexes A and B have been deleted.
Introduction

0.1 Overview

International Standards for management systems provide a model to follow in setting up and operating a management system. This model incorporates the features on which experts in the field have reached a consensus as being the international state of the art. ISO/IEC JTC 1/SC 27 maintains an expert committee dedicated to the development of international management systems standards for information security, otherwise known as the Information Security Management System (ISMS) family of standards.

Through the use of the ISMS family of standards, organizations can develop and implement a framework for managing the security of their information assets, including financial information, intellectual property, and employee details, or information entrusted to them by customers or third parties. These standards can also be used to prepare for an independent assessment of their ISMS applied to the protection of information.

0.2 Purpose of this document

The ISMS family of standards includes standards that:

a) define requirements for an ISMS and for those certifying such systems;
b) provide direct support, detailed guidance and/or interpretation for the overall process to establish, implement, maintain, and improve an ISMS;
c) address sector-specific guidelines for ISMS; and
d) address conformity assessment for ISMS.

0.3 Content of this document

In this document, the following verbal forms are used:

- "shall" indicates a requirement;
- "should" indicates a recommendation;
- "may" indicates a permission;
- "can" indicates a possibility or a capability.

Information marked as NOTE is for guidance in understanding or clarifying the associated requirement. "Notes to entry" used in Clause 3 provide additional information that supplements the terminological data and can contain provisions relating to the use of a term.

1 Scope

This document provides the overview of information security management systems (ISMS). It also provides terms and definitions commonly used in the ISMS family of standards. This document is applicable to all types and sizes of organization (commercial enterprises, government agencies, not-for-profit organizations).

The terms and definitions provided in this document

- cover commonly used terms and definitions in the ISMS family of standards;
- do not cover all terms and definitions applied within the ISMS family of standards; and
- do not limit the ISMS family of standards in defining new terms for use.

2 Normative references

There are no normative references in this document.

3 Terms and definitions

ISO and IEC maintain terminological databases for use in standardization at the following addresses:
- ISO Online browsing platform: available at https://www.iso.org/obp
- IEC Electropedia: available at https://www.electropedia.org/

3.1 access control
means to ensure that access to assets is authorized and restricted based on business and security requirements (3.56)

3.2 attack
attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset

3.3 audit
systematic, independent and documented process (3.54) for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled
Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party), and it can be a combined audit (combining two or more disciplines).
Note 2 to entry: An internal audit is conducted by the organization itself, or by an external party on its behalf.
Note 3 to entry: "Audit evidence" and "audit criteria" are defined in ISO 19011.

3.4 audit scope
extent and boundaries of an audit (3.3)
[SOURCE: ISO 19011:2011, 3.14, modified - Note 1 to entry has been deleted.]

3.5 authentication
provision of assurance that a claimed characteristic of an entity is correct

3.6 authenticity
property that an entity is what it claims to be

3.7 availability
property of being accessible and usable on demand by an authorized entity

3.8 base measure
measure (3.42) defined in terms of an attribute and the method for quantifying it
Note 1 to entry: A base measure is functionally independent of other measures.
[SOURCE: ISO/IEC/IEEE 15939:2017, 3.3, modified - Note 2 to entry has been deleted.]

3.9 competence
ability to apply knowledge and skills to achieve intended results

3.10 confidentiality
property that information is not made available or disclosed to unauthorized individuals, entities, or processes (3.54)

3.11 conformity
fulfilment of a requirement (3.56)

3.12 consequence
outcome of an event (3.21) affecting objectives (3.49)
Note 1 to entry: An event can lead to a range of consequences.
Note 2 to entry: A consequence can be certain or uncertain and, in the context of information security, is usually negative.
Note 3 to entry: Consequences can be expresse
Link: https://www.bingdoc.com/p-14660588.html