ImageVerifierCode 换一换
格式:PDF , 页数:94 ,大小:2.68MB ,
资源ID:727098      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-727098.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(EN ISO IEC 27002-2017 en Information technology - Security techniques - Code of practice for information security controls《信息技术-安全技术-信息安全控制规范(ISO IEC 27002 2013包括肺心病 肺2 2015 1 201.pdf)为本站会员(diecharacter305)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

EN ISO IEC 27002-2017 en Information technology - Security techniques - Code of practice for information security controls《信息技术-安全技术-信息安全控制规范(ISO IEC 27002 2013包括肺心病 肺2 2015 1 201.pdf

1、BS ISO/IEC 27002:2013Incorporating corrigendum September 2014BS ISO/IEC 27002:2013Incorporating corrigenda September 2014 and November 2015BS EN ISO/IEC 27002:2017Information technology Security techniques Code of practice for information security controls (ISO/IEC 27002:2013)BSI Standards Publicati

2、onWB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06BS EN ISO/IEC 27002:2017 BRITISH STANDARDNational forewordThis British Standard is the UK implementation of EN ISO/IEC 27002:2017. It is identical to ISO/IEC 27002:2013, incorporating corrigenda September 2014 and November 2015. It supersedes

3、 BS ISO/IEC 27002:2013 which is withdrawn.The start and finish of text introduced or altered by corrigendum is indicated in the text by tags. Text altered by ISO/IEC corrigendum September 2014 is indicated in the text by .The UK participation in its preparation was entrusted by Technical Committee I

4、ST/33, IT - Security techniques, to Subcommittee IST/33/-/1, Requirements, security services and guidelines.A list of organizations represented on this subcommittee can be obtained on request to its secretary.This publication does not purport to include all the necessary provisions of a contract. Us

5、ers are responsible for its correct application. The British Standards Institution 2017. Published by BSI Standards Limited 2017ISBN 978 0 580 95520 4ICS 35.030Compliance with a British Standard cannot confer immunity from legal obligations.This British Standard was published under the authority of

6、the Standards Policy and Strategy Committee on 1 October 2013.Amendments/corrigenda issued since publicationDate Text affected31 October 2014 Implementation of ISO/IEC corrigendum September 201430 November 2015 Implementation of ISO/IEC corrigendum November 2015: Subclause 14.2.8 modified31 March 20

7、17 This corrigendum renumbers BS ISO/IEC 27002:2013 as BS EN ISO/EC 27002:2017.EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN ISO/IEC 27002 February 2017 ICS 03.100.70; 35.030 English Version Information technology - Security techniques - Code of practice for information security controls (ISO

8、/IEC 27002:2013 including Cor 1:2014 and Cor 2:2015) Technologies de linformation - Techniques de scurit - Code de bonne pratique pour le management de la scurit de linformation (ISO/IEC 27002:2013 y compris Cor 1:2014 et Cor 2:2015) Informationstechnik - Sicherheitsverfahren - Leitfaden fr Informat

9、ionssicherheitsmanahmen (ISO/IEC 27002:2013 einschlielich Cor 1:2014 und Cor 2:2015) This European Standard was approved by CEN on 26 January 2017. CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard t

10、he status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN and CENELEC member. This European Standard exists in three official versions (

11、English, French, German). A version in any other language made by translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CEN and CENELEC members are the national standards

12、bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia,

13、Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2017 CEN and CENELEC All rights of exploitation in any form and by an

14、y means reserved worldwide for CEN and CENELEC national Members. Ref. No. EN ISO/IEC 27002:2017 E ISO/IEC 27002:2013(E) ISO/IEC 2013 All rights reserved iiiContents PageForeword v0 Introduction .vi1 Scope . 12 Normative references 13 Terms and definitions . 14 Structure of this standard . 14.1 Claus

15、es . 14.2 Control categories 15 Information security policies 25.1 Management direction for information security . 26 Organization of information security . 46.1 Internal organization . 46.2 Mobile devices and teleworking 67 Human resource security 97.1 Prior to employment 97.2 During employment . 1

16、07.3 Termination and change of employment 138 Asset management 138.1 Responsibility for assets 138.2 Information classification .158.3 Media handling 179 Access control .199.1 Business requirements of access control 199.2 User access management 219.3 User responsibilities . 249.4 System and applicat

17、ion access control 2510 Cryptography .2810.1 Cryptographic controls . 2811 Physical and environmental security .3011.1 Secure areas 3011.2 Equipment 3312 Operations security 3812.1 Operational procedures and responsibilities 3812.2 Protection from malware 4112.3 Backup . 4212.4 Logging and monitorin

18、g . 4312.5 Control of operational software 4512.6 Technical vulnerability management .4612.7 Information systems audit considerations 4813 Communications security 4913.1 Network security management . 4913.2 Information transfer .5014 System acquisition, development and maintenance 5414.1 Security re

19、quirements of information systems .5414.2 Security in development and support processes .5714.3 Test data .6215 Supplier relationships .6215.1 Information security in supplier relationships 62BS ISO/IEC 27002:2013BS EN ISO/IEC 27002:2017EN ISO/IEC 27002:2017 (E)EN ISO/IEC 27002:2017 (E) 3 European f

20、oreword The text of ISO/IEC 27002:2013 including Cor 1:2014 and Cor 2:2015 has been prepared by Technical Committee ISO/IEC JTC 1 “Information technology” of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) and has been taken over as EN

21、 ISO/IEC 27002:2017. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by August 2017, and conflicting national standards shall be withdrawn at the latest by August 2017. Attention is drawn to the poss

22、ibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries a

23、re bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, P

24、ortugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. Endorsement notice The text of ISO/IEC 27002:2013 including Cor 1:2014 and Cor 2:2015 has been approved by CEN as EN ISO/IEC 27002:2017 without any modification. ISO/IEC 27002:2013(E) ISO/IEC 201

25、3 All rights reserved iiiContents PageForeword v0 Introduction .vi1 Scope . 12 Normative references 13 Terms and definitions . 14 Structure of this standard . 14.1 Clauses . 14.2 Control categories 15 Information security policies 25.1 Management direction for information security . 26 Organization

26、of information security . 46.1 Internal organization . 46.2 Mobile devices and teleworking 67 Human resource security 97.1 Prior to employment 97.2 During employment . 107.3 Termination and change of employment 138 Asset management 138.1 Responsibility for assets 138.2 Information classification .15

27、8.3 Media handling 179 Access control .199.1 Business requirements of access control 199.2 User access management 219.3 User responsibilities . 249.4 System and application access control 2510 Cryptography .2810.1 Cryptographic controls . 2811 Physical and environmental security .3011.1 Secure areas

28、 3011.2 Equipment 3312 Operations security 3812.1 Operational procedures and responsibilities 3812.2 Protection from malware 4112.3 Backup . 4212.4 Logging and monitoring . 4312.5 Control of operational software 4512.6 Technical vulnerability management .4612.7 Information systems audit consideratio

29、ns 4813 Communications security 4913.1 Network security management . 4913.2 Information transfer .5014 System acquisition, development and maintenance 5414.1 Security requirements of information systems .5414.2 Security in development and support processes .5714.3 Test data .6215 Supplier relationsh

30、ips .6215.1 Information security in supplier relationships 62BS ISO/IEC 27002:2013BS EN ISO/IEC 27002:2017ISO/IEC 27002:2013(E)ISO/IEC 27002:2013(E)iv ISO/IEC 2013 All rights reserved15.2 Supplier service delivery management 6616 Information security incident management 6716.1 Management of informat

31、ion security incidents and improvements .6717 Information security aspects of business continuity management .7117.1 Information security continuity 7117.2 Redundancies 7318 Compliance 7418.1 Compliance with legal and contractual requirements .7418.2 Information security reviews 77Bibliography .79BS

32、 ISO/IEC 27002:2013ISO/IEC 27002:2013(E)ForewordISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of

33、 International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in l

34、iaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.ISO/IEC 27002 was prepared by

35、Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques.Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent r

36、ights.This second edition cancels and replaces the first edition (ISO/IEC 27002:2005), which has been technically and structurally revised. ISO/IEC 2013 All rights reserved vBS ISO/IEC 27002:2013BS EN ISO/IEC 27002:2017ISO/IEC 27002:2013(E)ISO/IEC 27002:2013(E)iv ISO/IEC 2013 All rights reserved15.2

37、 Supplier service delivery management 6616 Information security incident management 6716.1 Management of information security incidents and improvements .6717 Information security aspects of business continuity management .7117.1 Information security continuity 7117.2 Redundancies 7318 Compliance 74

38、18.1 Compliance with legal and contractual requirements .7418.2 Information security reviews 77Bibliography .79BS ISO/IEC 27002:2013ISO/IEC 27002:2013(E)ForewordISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized syste

39、m for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees col

40、laborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.International Standard

41、s are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.ISO/IEC 27002 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques.Attention is drawn to the possibility that some of the elements of this documen

42、t may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.This second edition cancels and replaces the first edition (ISO/IEC 27002:2005), which has been technically and structurally revised. ISO/IEC 2013 All rights reserved vBS ISO/IEC 27

43、002:2013BS EN ISO/IEC 27002:2017ISO/IEC 27002:2013(E)ISO/IEC 27002:2013(E)0 Introduction0.1 Background and contextThis International Standard is designed for organizations to use as a reference for selecting controls within the process of implementing an Information Security Management System (ISMS)

44、 based on ISO/IEC 2700110or as a guidance document for organizations implementing commonly accepted information security controls. This standard is also intended for use in developing industry- and organization-specific information security management guidelines, taking into consideration their spec

45、ific information security risk environment(s).Organizations of all types and sizes (including public and private sector, commercial and non-profit) collect, process, store and transmit information in many forms including electronic, physical and verbal (e.g. conversations and presentations).The valu

46、e of information goes beyond the written words, numbers and images: knowledge, concepts, ideas and brands are examples of intangible forms of information. In an interconnected world, information and related processes, systems, networks and personnel involved in their operation, handling and protecti

47、on are assets that, like other important business assets, are valuable to an organizations business and consequently deserve or require protection against various hazards.Assets are subject to both deliberate and accidental threats while the related processes, systems, networks and people have inher

48、ent vulnerabilities. Changes to business processes and systems or other external changes (such as new laws and regulations) may create new information security risks. Therefore, given the multitude of ways in which threats could take advantage of vulnerabilities to harm the organization, information

49、 security risks are always present. Effective information security reduces these risks by protecting the organization against threats and vulnerabilities, and then reduces impacts to its assets.Information security is achieved by implementing a suitable set of controls, including policies, processes, procedures, organizational structures and software and hardware functions. These controls need to be established, implemented, monitored, reviewed and improved, where necessary, to ensure that the specific security and business

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1