CAN CSA-ISO IEC 27005-2011 Information technology - Security techniques - Information security risk management.pdf

CAN/CSA-ISO/IEC 27005:11
(ISO/IEC 27005:2011, IDT)
National Standard of Canada

Information technology - Security techniques - Information security risk management

NOT FOR RESALE.

Legal Notice for Standards

Canadian Standards Association (CSA) standards are developed through a consensus standards development process approved by the Standards Council of Canada. This process brings together volunteers representing varied viewpoints and interests to achieve consensus and develop a standard. Although CSA administers the process and establishes rules to promote fairness in achieving consensus, it does not independently test, evaluate, or verify the content of standards.

Disclaimer and exclusion of liability

This document is provided without any representations, warranties, or conditions of any kind, express or implied, including, without limitation, implied warranties or conditions concerning this document's fitness for a particular purpose or use, its merchantability, or its non-infringement of any third party's intellectual property rights. CSA does not warrant the accuracy, completeness, or currency of any of the information published in this document. CSA makes no representations or warranties regarding this document's compliance with any applicable statute, rule, or regulation.

IN NO EVENT SHALL CSA, ITS VOLUNTEERS, MEMBERS, SUBSIDIARIES, OR AFFILIATED COMPANIES, OR THEIR EMPLOYEES, DIRECTORS, OR OFFICERS, BE LIABLE FOR ANY DIRECT, INDIRECT, OR INCIDENTAL DAMAGES, INJURY, LOSS, COSTS, OR EXPENSES, HOWSOEVER CAUSED, INCLUDING BUT NOT LIMITED TO SPECIAL OR CONSEQUENTIAL DAMAGES, LOST REVENUE, BUSINESS INTERRUPTION, LOST OR DAMAGED DATA, OR ANY OTHER COMMERCIAL OR ECONOMIC LOSS, WHETHER BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR ANY OTHER THEORY OF LIABILITY, ARISING OUT OF OR RESULTING FROM ACCESS TO OR POSSESSION OR USE OF THIS DOCUMENT, EVEN IF CSA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, INJURY, LOSS, COSTS, OR EXPENSES.

In publishing and making this document available, CSA is not undertaking to render professional or other services for or on behalf of any person or entity or to perform any duty owed by any person or entity to another person or entity. The information in this document is directed to those who have the appropriate degree of experience to use and apply its contents, and CSA accepts no responsibility whatsoever arising in any way from any and all use of or reliance on the information contained in this document.

CSA is a private not-for-profit company that publishes voluntary standards and related documents. CSA has no power, nor does it undertake, to enforce compliance with the contents of the standards or other documents it publishes.

Intellectual property rights and ownership

As between CSA and the users of this document (whether it be in printed or electronic form), CSA is the owner, or the authorized licensee, of all works contained herein that are protected by copyright, all trade-marks (except as otherwise noted to the contrary), and all inventions and trade secrets that may be contained in this document, whether or not such inventions and trade secrets are protected by patents and applications for patents. Without limitation, the unauthorized use, modification, copying, or disclosure of this document may violate laws that protect CSA's and/or others' intellectual property and may give rise to a right in CSA and/or others to seek legal redress for such use, modification, copying, or disclosure. To the extent permitted by licence or by law, CSA reserves all intellectual property rights in this document.

Patent rights

Attention is drawn to the possibility that some of the elements of this standard may be the subject of patent rights. CSA shall not be held responsible for identifying any or all such patent rights. Users of this standard are expressly advised that determination of the validity of any such patent rights is entirely their own responsibility.

Authorized use of this document

This document is being provided by CSA for informational and non-commercial use only. The user of this document is authorized to do only the following:

If this document is in electronic form:
- load this document onto a computer for the sole purpose of reviewing it;
- search and browse this document; and
- print this document if it is in PDF format.

Limited copies of this document in print or paper form may be distributed only to persons who are authorized by CSA to have such copies, and only if this Legal Notice appears on each such copy.

In addition, users may not and may not permit others to
- alter this document in any way or remove this Legal Notice from the attached standard;
- sell this document without authorization from CSA; or
- make an electronic copy of this document.

If you do not agree with any of the terms and conditions contained in this Legal Notice, you may not load or use this document or make any copies of the contents hereof, and if you do make such copies, you are required to destroy them immediately. Use of this document constitutes your acceptance of the terms and conditions of this Legal Notice.

CSA Standards Update Service

CAN/CSA-ISO/IEC 27005:11
December 2011

Title: Information technology - Security techniques - Information security risk management
Pagination: 29 pages (CSA/1-CSA/4, i-vi, and 19 text)

To register for e-mail notification about any updates to this publication
- go to www.ShopCSA.ca
- click on E-mail Services under MY ACCOUNT
- click on CSA Standards Update Service

The List ID that you will need to register for updates to this publication is 2421445.

If you require assistance, please e-mail techsupport@csa.ca or call 416-747-2233.

Visit CSA's policy on privacy at www.csagroup.org/legal to find out how we protect your personal information.

The Canadian Standards Association (CSA), under whose auspices this National Standard has been produced, was chartered in 1919 and accredited by the Standards Council of Canada to the National Standards system in 1973. It is a not-for-profit, nonstatutory, voluntary membership association engaged in standards development and certification activities. CSA standards reflect a national consensus of producers and users including manufacturers, consumers, retailers, unions and professional organizations, and governmental agencies. The standards are used widely by industry and commerce and often adopted by municipal, provincial, and federal governments in their regulations, particularly in the fields of health, safety, building and construction, and the environment.

Individuals, companies, and associations across Canada indicate their support for CSA's standards development by volunteering their time and skills to CSA Committee work and supporting the Association's objectives through sustaining memberships. The more than 7000 committee volunteers and the 2000 sustaining memberships together form CSA's total membership from which its Directors are chosen. Sustaining memberships represent a major source of income for CSA's standards development activities.

The Association offers certification and testing services in support of and as an extension to its standards development activities. To ensure the integrity of its certification process, the Association regularly and continually audits and inspects products that bear the CSA Mark.

In addition to its head office and laboratory complex in Toronto, CSA has regional branch offices in major centres across Canada and inspection and testing agencies in eight countries. Since 1919, the Association has developed the necessary expertise to meet its corporate mission: CSA is an independent service organization whose mission is to provide an open and effective forum for activities facilitating the exchange of goods and services through the use of standards, certification and related services to meet national and international needs.

For further information on CSA services, write to
Canadian Standards Association
5060 Spectrum Way, Suite 100
Mississauga, Ontario, L4W 5N6
Canada

The Standards Council of Canada (SCC) is the coordinating body of the National Standards System, a coalition of independent, autonomous organizations working towards the further development and improvement of voluntary standardization in the national interest.

The principal objects of the SCC are to foster and promote voluntary standardization as a means of advancing the national economy, benefiting the health, safety, and welfare of the public, assisting and protecting the consumer, facilitating domestic and international trade, and furthering international cooperation in the field of standards.

A National Standard of Canada (NSC) is a standard prepared or reviewed by an accredited Standards Development Organization (SDO) and approved by the SCC according to the requirements of CAN-P-2. Approval does not refer to the technical content of the standard; this remains the continuing responsibility of the SDO. An NSC reflects a consensus of a number of capable individuals whose collective interests provide, to the greatest practicable extent, a balance of representation of general interests, producers, regulators, users (including consumers), and others with relevant interests, as may be appropriate to the subject in hand. It normally is a standard which is capable of making a significant and timely contribution to the national interest.

Those who have a need to apply standards are encouraged to use NSCs. These standards are subject to periodic review. Users of NSCs are cautioned to obtain the latest edition from the SDO which publishes the standard.

The responsibility for approving standards as National Standards of Canada rests with the
Standards Council of Canada
270 Albert Street, Suite 200
Ottawa, Ontario, K1P 6N7
Canada

Although the intended primary application of this Standard is stated in its Scope, it is important to note that it remains the responsibility of the users to judge its suitability for their particular purpose.

Registered trade-mark of Canadian Standards Association

This Standard is available in English only for the moment. CSA will publish the French version as soon as it is produced by the drafting body.

Reviewed by
National Standard of Canada

Published in December 2011 by Canadian Standards Association
A not-for-profit private sector organization
5060 Spectrum Way, Suite 100, Mississauga, Ontario, Canada L4W 5N6
1-800-463-6727 / 416-747-4044
Visit our Online Store at www.ShopCSA.ca

Approved by
Standards Council of Canada

Prepared by International Organization for Standardization / International Electrotechnical Commission

CSA Preface

Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the Canadian Advisory Committee (CAC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T).

This International Standard was reviewed by the CSA TCIT under the jurisdiction of the Strategic Steering Committee on Information Technology and deemed acceptable for use in Canada. From time to time, ISO/IEC may publish addenda, corrigenda, etc. The CSA TCIT will review these documents for approval and publication. For a listing, refer to the CSA Information Products catalogue or CSA Info Update or contact a CSA Sales representative. This Standard has been formally approved, without modification, by the Technical Committee and has been approved as a National Standard of Canada by the Standards Council of Canada.

December 2011

Canadian Standards Association 2011
All rights reserved. No part of this publication may be reproduced in any form whatsoever without the prior permission of the publisher. ISO/IEC material is reprinted with permission. Where the words "this International Standard" appear in the text, they should be interpreted as "this National Standard of Canada".

Inquiries regarding this National Standard of Canada should be addressed to
Canadian Standards Association
5060 Spectrum Way, Suite 100, Mississauga, Ontario, Canada L4W 5N6
1-800-463-6727 / 416-747-4000
www.csa.ca

To purchase CSA Standards and related publications, visit CSA's Online Store at www.ShopCSA.ca or call toll-free 1-800-463-6727 or 416-747-4044.

CSA Standards are subject to periodic review, and suggestions for their improvement will be referred to the appropriate committee. To submit a proposal for change to CSA Standards, please send the following information to inquiries@csa.ca and include "Proposal for change" in the subject line:
(a) Standard designation (number);
(b) relevant clause, table, and/or figure number;
(c) wording of the proposed change; and
(d) rationale for the change.

Reference number ISO/IEC 27005:2011(E)

INTERNATIONAL STANDARD ISO/IEC 27005
Second edition
2011-06-01

Information technology - Security techniques - Information security risk management
Technologies de l'information - Techniques de sécurité - Gestion des risques liés à la sécurité de l'information

COPYRIGHT PROTECTED DOCUMENT

ISO/IEC 2011
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Case postale 56
CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Structure of this International Standard
5 Background
6 Overview of the information security risk management process
7 Context establishment
7.1 General considerations
7.2 Basic Criteria
7.2.1 Risk management approach
7.2.2 Risk evaluation criteria
7.2.3 Impact criteria
7.2.4 Risk acceptance criteria
7.3 Scope and boundaries
7.4 Organization for information security risk management
8 Information security risk assessment
8.1 General description of information security risk assessment
8.2 Risk identification
8.2.1 Introdu
