1、 1 ISO/IEC 13335-1 : 2004Information technlgy Security techniques Management of information andcommunications technology security Part 1: Concepts and models for informationand communications technology security management(IDT) /13335-1 2006 22006/1220071179 / 13335-12006 , 2007 , - II 27 2002 . 184
2、- , 1.02004 . - 1 - ( -) - , 4, - - - ( )2 10 -, 3 - 19 2006 . 317-4 / 13335-1:2004. - . . - . 1. - (ISO/IEC 13335-1 : 2004 Information technology Securitytechniques Management of information and communications technology security Part 1: Concepts andmodels for information and communications technol
3、ogy security management). - 1.52004 ( 3.5)5 - , . () - . -, - 1* III1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.1 . . . . . . . .
4、 . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.4 . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5、. . . . . . . . . . . . . .3.5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.8 . . .
6、. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.9 . . . . . . . . . . . . . . . . . . . . . . . . . . . .4 , . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.1 - . . . . . .4.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
7、. . . . .4.3 - - . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5 - . . . .5.1 . . . . . . . . . . . . . . . . . . . . . . . . . . .5.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6 - . . .6.1 . . . . . . . . . . . . . . . . . . . .
8、. . . . . . . . . . . . . . . . . . . .6.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11333345556689101012121517171717 / 13335-1 2006 20070801 1 Information technology. Security technique
9、s. Part 1. Concepts and models for information and communicationstechnology security management / 13335-1 20062179 11 - (), , , , , . - . . , - . - .2 / 17799, / 13335-4, - :2.1 (accountability): , - ./ 7498-22.2 (asset): , .2.3 (authenticity): , , -. , , , - .2.4 (availability): - ./ 7498-22.5 (bas
10、eline controls): , - .2.6 (confidentiality): , ./ 7498-2 22.7 (control): - (. 2.24).2.8 (guidelines): , , - .2.9 (impact): .2.10 (information security incident): - , -. :- , ;- ;- ;- ;- ;- ;- ;- .2.11 - ( )(ICT security): , , -, , , , , - .2.12 - ( ) (IC security policy): , , , -, - , - , .2.13 () (
11、information processing facility(ies): - , , .2.14 (information security): , -, , , , , -, .2.15 (integrity): .2.16 (non-repudiation): - , ./ 13888-1, / 7498-22.17 (reliability): -.2.18 (residual risk): , .2.19 (risk): . .2.20 (risk analysis): .2.21 (risk assessment): , , .2.22 (risk management): , ,
12、 , - .2.23 (risk treatment): .2.24 (safeguard): , . , (. 2.7).2.25 (threat): , . / 13335-1 20062* 32.26 (vulnerability): , - .3 3.1 - :- . - , , , , , ;- . ;- . , - , ;- , , , - , .- . - , , . - .3.2 - . , . ( ):- ( , , );- () ( , );- ;- ;- ;- ( , ). , - . - , . - . -, . , , :, , . . , , - , , . - . , ,
