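ISO/IEC TR 27008:2011 Information technology - Security techniques - Guidelines for auditors on information security controls
Standard number: ISO/IEC TR 27008:2011
Chinese title: 信息技术 安全技术 信息安全控件审计人员指南
English title: Information technology — Security techniques — Guidelines for auditors on information security controls
Publication date: 2011-10
Scope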
ISO/IEC TR 27008:2011 provides guidance on reviewing the implementation and operation of controls, including technical compliance checking of information system controls, in compliance with an organization's established information security standards.
ISO/IEC TR 27008:2011 is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations conducting information security reviews and technical compliance checks. It is not intended for management systems audits.


