KS X ISO/IEC 27011:2011
Information technology - Security techniques - Information security management guidelines for telecommunications organizations based on KS X ISO/IEC 27002
(Korean adoption of ISO/IEC 27011, first edition, 2008; related standard: KS X ISO/IEC 27002)

Published 2011-12-29 (2011-0674)
Korean Agency for Technology and Standards: http://www.kats.go.kr (tel. 02-509-7262)
Korean standards portal: http://www.standard.go.kr
Organizations involved in drafting: KISA, ETRI

Contents (pp. i-ii): clauses 1 to 15 (pp. 1-39), Annex A (p. 40), Annex B (p. 49), end matter (pp. 51-52).

Introduction (pp. iv-v): telecommunications-specific considerations, including secrecy of communications (non-disclosure of communication), and the intended audience (Audience) of this guideline; text otherwise not recovered.

1 Scope (p. 1): text not recovered.
2 Normative references (p. 1): KS X ISO/IEC 27001, KS X ISO/IEC 27002.
3 Terms and definitions (p. 1): 3.1 terms 3.1.1 to 3.1.17, based on KS X ISO/IEC 27002; definitions not recovered.
3.2 Abbreviations

ADSL   Asymmetric Digital Subscriber Line
ASP    Application Service Provider
CATV   Community Antenna TeleVision
CERT   Computer Emergency Response Team
DDoS   Distributed Denial of Service
DNS    Domain Name System
DoS    Denial of Service
ISAC   Information Sharing and Analysis Centre
ISMS   Information Security Management System
NGN    Next Generation Network
NMS    Network Management System
OAM&P  Operations, Administration, Maintenance and Provisioning
PIN    Personal Identification Number
PSTN   Public Switched Telephone Network
SIP    Session Initiation Protocol
SLA    Service Level Agreement
SOA    Statement of Applicability
UPS    Uninterruptible Power Supply
URL    Uniform Resource Locator
VoIP   Voice over Internet Protocol

4 (p. 3)
4.1 (p. 3): the structure follows KS X ISO/IEC 27002, with the telecommunications-specific additional controls given in Annex A; control clauses 6 to 14 are covered; text otherwise not recovered.
4.2 (pp. 4-6): subclauses 4.2.1 to 4.2.4 (4.2.4.1 to 4.2.4.4), referring to the KS X ISO/IEC 27001 ISMS, to Annex A controls A.15.1.7 and A.15.1.8, and to KS X ISO/IEC 27002 clause 0.7; text not recovered.
5 (p. 6): KS X ISO/IEC 27002 clause 5 applies.
6 (pp. 6-12): 6.1 (6.1.1 to 6.1.8) and 6.2 (6.2.1, 6.2.2). Subclauses 6.1.1 to 6.1.4, 6.1.7, 6.1.8 and 6.2.1 refer to the corresponding KS X ISO/IEC 27002 controls; 6.1.5 (which cites KS X ISO/IEC 27002 15.1.1), 6.1.6 and 6.2.2 carry additional telecommunications-specific guidance; text not recovered.