GOST R ISO IEC 27000-2012 Information technology Security techniques Information security management systems Overview and vocabulary《信息技术 安全技术 信息安全管理体系 综述和词汇》.pdf

1、 /270002012 . ISO/IEC 27000:2009Information technology Security techniques Information security management systems Overview and vocabulary(IDT) 1 - ( ) - ( ) - ( ) - , 42 362 3 15 2012 . 813-4 / 27000:2009 - . . - . (ISO/IEC 27000:2009 Information technology Security techniques Information security

2、management systems Overview and vocabulary). - , A5 1.02012 ( 8). ( 1 ) , -.() - . , - (gost.ru) , 2014 , - - II / 2700020121 .12 13 43.1 .43.2 43.3 63.4 .63.5 , , .73.6 83.7 .94 .94.1 94.2 , .104.3 , 104.4 , 104.5 , .11 () , .12 () 13 () .1415III / 270002012 . , , . SC 27 ISO/IEC JTC 1 , -, (). - ,

3、 , , , , , . 1) . - Information technology Security techniques (- . ):- ISO/IEC 27000:2009, Information security management systems Overview and vocabulary (- . );- ISO/IEC 27001:2005, Information security management systems Requirements ( . );- ISO/IEC 27002:2005, Code of practice for information s

4、ecurity management ( - );- ISO/IEC 27003, Information security management system implementation guidance ( );- ISO/IEC 27004, Information security management Measurement ( - . );- ISO/IEC 27005:2008, Information security risk management ( );- ISO/IEC 27006:2007, Requirements for bodies providing aud

5、it and certification of information securitymanagement systems ( , );- ISO/IEC 27007, Guidelines for information security management systems auditing ( );- ISO/IEC 27011, Information security management guidelines for telecommunications organizationsbased on ISO/IEC 27002 ( , , ISO/IEC 27002). . - ,

6、 ISO/IEC JTC 1 . , :- ISO 27799:2008, Health informatics Information security management in health usingISO/IEC 27002 ( . - ISO/IEC 27002);- ISO/IEC 27000:2009 , , . , - , . , :- ;- , () (Plan) (Do) (Check) (Act) (PDCA) ;1) , , -.IV / 270002012- ;- . , :- , - ;- , ;- ., , , - , ISO/IEC 27002, . , /,

7、 .V / 270002012 . Information technology. Security techniques. Information security management systems. Overview and vocabulary 201312011 :- ;- ();- (Plan) (Do) (Check) (Act) (PDCA);- . (, -, , ).2 . , - , - . .: (attack) (2.4) , , , , (2.3) . -, . , , , , , , -, .2.1 (access control): , (2.3) .2.2

8、accountability): .2.3 (asset): -, . :- (2.18);- ;- , ;-;- ,;- , .1 / 270002012 2.4 (attack): , , , , , (2.3) .2.5 (authentication): , - .2.6 (authenticity): , , .2.7 (availability): .2.8 (business continuity): (2.31) () - (2.30), .2.9 (confidentiality): - , (2.31).2.10 (control): - (2.34), (2.28),

9、2.30), (2.16), - , , , . - .2.11 (control objective): , - (2.10).2.12 (corrective action): - .ISO 9000:20052.13 (effectiveness): , .ISO 9000:20052.14 (efficiency):- .2.15 (event): .ISO/IEC Guide 73:20022.16 (guideline): , , .2.17 (impact): -.2.18 (information asset): , .2.19 (information security):

10、 (2.9), (2.25) (2.7) . , (2.6), - (2.2), (2.27) (2.33).2.20 (information security event): - , , (2.28) (2.19), (2.10) , .2.21 (information security incident): - (2.20), - (2.19).2.22 (information security incidentmanagement): (2.31) , , , , (2.21).2.23 () (information securitymanagement system (ISMS): (2.26), - , , , , , - (2.19).2 / 2700020122.24 (information security risk): - , (2.46) (2.45) (2.3) , .2.25 (integrity): (2.3).2.26 (management system): ,