ISO_IEC_27000_2018.pdf

ID: 234731

Size: 1,008.23 KB

Pages: 34

Format: PDF

Date: 2023-03-14

ISO_IEC_27000_2018
INTERNATIONAL STANDARD ISO/IEC 27000
Fifth edition, 2018-02
Reference number: ISO/IEC 27000:2018(E)
© ISO/IEC 2018

Information technology
Security techniques
Information security management systems
Overview and vocabulary

Technologies de l'information
Techniques de sécurité
Systèmes de management de la sécurité de l'information
Vue d'ensemble et vocabulaire

COPYRIGHT PROTECTED DOCUMENT

© ISO/IEC 2018

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
CP 401 Ch. de Blandonnet 8
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
Published in Switzerland

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Information security management systems
    4.1 General
    4.2 What is an ISMS?
        4.2.1 Overview and principles
        4.2.2 Information
        4.2.3 Information security
        4.2.4 Management
        4.2.5 Management system
    4.3 Process approach
    4.4 Why an ISMS is important
    4.5 Establishing, monitoring, maintaining and improving an ISMS
        4.5.1 Overview
        4.5.2 Identifying information security requirements
        4.5.3 Assessing information security risks
        4.5.4 Treating information security risks
        4.5.5 Selecting and implementing controls
        4.5.6 Monitor, maintain and improve the effectiveness of the ISMS
        4.5.7 Continual improvement
    4.6 ISMS critical success factors
    4.7 Benefits of the ISMS family of standards
5 ISMS family of standards
    5.1 General information
    5.2 Standard describing an overview and terminology: ISO/IEC 27000 (this document)
    5.3 Standards specifying requirements
        5.3.1 ISO/IEC 27001
        5.3.2 ISO/IEC 27006
        5.3.3 ISO/IEC 27009
    5.4 Standards describing general guidelines
        5.4.1 ISO/IEC 27002
        5.4.2 ISO/IEC 27003
        5.4.3 ISO/IEC 27004
        5.4.4 ISO/IEC 27005
        5.4.5 ISO/IEC 27007
        5.4.6 ISO/IEC TR 27008
        5.4.7 ISO/IEC 27013
        5.4.8 ISO/IEC 27014
        5.4.9 ISO/IEC TR 27016
        5.4.10 ISO/IEC 27021
    5.5 Standards describing sector-specific guidelines
        5.5.1 ISO/IEC 27010
        5.5.2 ISO/IEC 27011
        5.5.3 ISO/IEC 27017
        5.5.4 ISO/IEC 27018
        5.5.5 ISO/IEC 27019
        5.5.6 ISO 27799
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee ISO/IEC JTC 1, Information technology, SC 27, IT Security techniques.

This fifth edition cancels and replaces the fourth edition (ISO/IEC 27000:2016), which has been technically revised. The main changes compared to the previous edition are as follows:

- the Introduction has been reworded;
- some terms and definitions have been removed;
- Clause 3 has been aligned on the high-level structure for MSS;
- Clause 5 has been updated to reflect the changes in the standards concerned;
- Annexes A and B have b
