/270042011 . ISO/IEC 27004:2009 Information technology Security techniques Information security management Measurement (IDT) 27 2002 . 184- , 1.02004 . 1 - ( ), - - - ( ) ( ) ( () , 42 362 3 1 2011 . 681-4 / 27004:2009 - . . . (ISO/IEC 27004:2009 Information technology Security techniques Information security management Measurement). - 1.5, 3.5. - , - 5 , - . - () . , , 2012 , - - II / 2700420111 12 13 14 35 , .35.1 , .35.2 55.3 55.4 66 116.1 116.2 126.3 , , .127 127.1 127.2 127.3 .137.4 137.5 147.6 .167.7 , .177.8 .178 178.1 178.2 188.3 , 189 .189.1 189.2 .189.3 .1910 1910.1 .1910.2 2010.3 , 2010.4 .21 A () , .22 () 24 () .53 54III / 2700420110 0.1 - (), / 27001. , , , , - , , - . , - . , ( ). - , , , , () . - / 27001 . , , , ( / 27005) - / 27001. -, - . - , - . .0.2 / 27001 - , - , . / 27001 , - , , , -., , / 27001, , , , -, , . - , , , . , , .IV / 270042011 , , - , / 27001:) (,- );b) ;c) ;d) ;e) ;f) , ;g) , , , , , ;h) . , , .,-,. , . , ., , ,-.V / 270042011 . Information technology. Security techniques. Information security management. Measurement 201201011 , / 27001. . - (, , ; , ; , ; , ), / , 2, 2004, H. . / 27000:2009, .2 . . , ./ 27000:2009 . -. . (ISO/IEC 27000:2009, Information technology Security techniques Information security management systems Overview and vocabulary)/ 27001:2005 . -. . (ISO/IEC 27001:2005, Information technology Security techniques Information security management systems Requirements)

3 / 27000, :

3.1 (analytical model): , - / ./ 15939:2007

3.2 (attribute): , ./ 15939:2007

1 / 270042011

3.3 1)(base measure): , - ./ 15939:2007 .

3.4 (data): , , - () ./ 15939:2007

3.5 (decision criteria): , , ./ 15939:2007

3.6 1)(derived measure): , - ./ 15939:2007

3.7 (indicator): , , , - .

3.8 (information need): (), () , , ./ 15939:2007

3.9 2)(measure): , , ./ 15939:2007 (measures) , . , .

3.10 (measurement): , , , .

3.11 (measurement function): , ./ 15939:2007

3.12 (measurement method): - ,