ISO/IEC 27000:2016(E)
Foreword ..........................................................................................................................................................................................................................................v
0 Introduction
.............................................................................................................................................................................................................. 1
0.1 Overview
...................................................................................................................................................................................................... 1
................................................................................................................................................................ 1
0.3 Purpose of this International Standard
............................................................................................................................. 2
1 Scope
................................................................................................................................................................................................................................. 2
2 Termsanddefinitions
..................................................................................................................................................................................... 2
3 Information security management systems
.........................................................................................................................14
3.1 General
........................................................................................................................................................................................................ 14
3.2 What is an ISMS? ................................................................................................................................................................................ 14
3.2.1 Overview and principles
........................................................................................................................................ 14
3.2.2 Information
........................................................................................................................................................................ 15
.................................................................................................................................................. 15
3.2.4 Management
..................................................................................................................................................................... 15
.................................................................................................................................................. 16
3.3 Process approach
............................................................................................................................................................................... 16
.......................................................................................................................................................... 16
3.5 Establishing, monitoring, maintaining and improving an ISMS ................................................................ 17
3.5.1 Overview ..............................................................................................................................................................................17
.................................................................................17
.......................................................................................................... 18
.............................................................................................................. 18
3.5.5 Selecting and implementing controls .........................................................................................................18
3.5.6 Monitor, maintain and improve the effectiveness of the ISMS .............................................. 19
3.5.7 Continual improvement ..........................................................................................................................................19
3.6 ISMS critical success factors ..................................................................................................................................................... 20
....................................................................................................................... 20
4 ISMS family of standards
...........................................................................................................................................................................21
4.1 General information ........................................................................................................................................................................ 21
..........................................................................................22
4.2.1 ISO/IEC 27000 (this International Standard) ..................................................................................... 22
................................................................................................................................... 22
4.3.1 ISO/IEC 27001 ................................................................................................................................................................ 22
4.3.2 ISO/IEC 27006 ................................................................................................................................................................ 22
4.4 Standards describing general guidelines ...................................................................................................................... 22
4.4.1 ISO/IEC 27002 ................................................................................................................................................................ 22
4.4.2 ISO/IEC 27003 ................................................................................................................................................................ 23
4.4.3 ISO/IEC 27004 ................................................................................................................................................................ 23
4.4.4 ISO/IEC 27005 ................................................................................................................................................................ 23
4.4.5 ISO/IEC 27007 ................................................................................................................................................................ 23
4.4.6 ISO/IEC TR 27008 ....................................................................................................................................................... 23
4.4.7 ISO/IEC 27013 ................................................................................................................................................................ 24
4.4.8 ISO/IEC 27014 ................................................................................................................................................................ 24
4.4.9 ISO/IEC TR 27016
....................................................................................................................................................... 24
.................................................................................................... 25
4.5.1 ISO/IEC 27010 ................................................................................................................................................................ 25
4.5.2 ISO/IEC 27011 ................................................................................................................................................................ 25
4.5.3 ISO/IEC TR 27015 ....................................................................................................................................................... 25
4.5.4 ISO/IEC 27017
................................................................................................................................................................ 25
4.5.5 ISO/IEC 27018
................................................................................................................................................................ 26
4.5.6 ISO/IEC TR 27019 ....................................................................................................................................................... 26
4.5.7 ISO 27799 ............................................................................................................................................................................ 26
© ISO/IEC 2016 – All rights reserved iii
Contents Page
评论0