GOST R 56045-2014 Information technology Security techniques Guidelines for auditors on information security controls《信息技术 安全技术 信息安全控制审计指南》.pdf

1、 56045 2014/ISO/IEC TR 27008:2011 ISO/IEC TR 27008:2011 Information technology - Security techniques - Guidelines for auditors on information security controls (IDT) 560452014/ISO/IEC TR 27008:2011 II 1 - ( ), - - ( ) - ( ) , 4 2 22 3 - 11 2014 . 569- 4 ISO/IEC TR 27008:2011 - . . - (ISO/IEC TR 2700

2、8:2011 Information technology Security techniques Guidelines for auditors on infor-mation security controls) - 1.5 ( 3.5). - , - . 5 1.02012 ( 8). ( 1 ) , - . () - - . , (gost.ru) , 2015 , . 560452014/ISO/IEC TR 27008:2011 III 1 1 2 1 3 1 4 1 5 .2 6 .3 7 6 8 11 A () 20 B () ( ) .36 () .39 40 5604520

3、14/ISO/IEC TR 27008:2011 IV / 27008 / 1 , 27 - . / 27001 / 27005 (), , / 27002. - , , , , . / 27007, / 27006. 560452014/ISO/IEC TR 27008:2011 1 Information technology Security techniques Guidelines for auditors on information security controls 20150601 1 , , . , - , -, . - . 2 . , - ( ). / 27000:200

4、91) . -. . (ISO/IEC 27000:2009, Information technology Security techniques Information security management sys-tems Overview and vocabulary). 3 / 27000, : 3.1 (review object): . 3.2 (review objective): , , . 3.3 (security implementation standard): , - . 4 - , . 5 . 6 - . 7 , 8 . A , B . 1). / 27000:

5、2014. -, , . 560452014/ISO/IEC TR 27008:2011 2 5 , . -, , , - . - , , . - , , -, . - , , - , , . -, . , , , . / 27002:2005 - , / - . - , , (, , ), , (). . , - , , - . . - , : - - , - ; - , ; - , . , : - - , , , ; - ; - ; - , , , ; - , -. - , . 560452014/ISO/IEC TR 27008:2011 3 - , , / 27004, / 27005 / 27007 . - - . - , , , , . 73 , - , . 6 6.1 , , , , , , - , , - , -. , , - , (, - , ). , , - . : - , , , , - , , , ; - , , -